Snowflake faced a supply chain breach involving theft of customer credentials by ShinyHunters via a third-party contractor's employee. Affected clients like Ticketmaster and Santander lacked multifactor authentication, comprising over 160 companies' data.
Source: https://www.wired.com/story/hospital-hack-300-million-patient-records-leaked/
TPRM report: https://scoringcyber.rankiteo.com/company/snowflake-computing
"id": "sno1019070724",
"linkid": "snowflake-computing",
"type": "Breach",
"date": "6/2024",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Over 160 companies',
'industry': 'Technology',
'name': 'Snowflake',
'type': 'Corporation'},
{'industry': 'Entertainment',
'name': 'Ticketmaster',
'type': 'Corporation'},
{'industry': 'Financial Services',
'name': 'Santander',
'type': 'Corporation'}],
'attack_vector': "Third-party contractor's employee",
'data_breach': {'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Customer credentials'},
'description': 'Snowflake faced a supply chain breach involving theft of '
'customer credentials by ShinyHunters via a third-party '
"contractor's employee. Affected clients like Ticketmaster and "
'Santander lacked multifactor authentication, comprising over '
"160 companies' data.",
'impact': {'data_compromised': 'Customer credentials'},
'initial_access_broker': {'entry_point': "Third-party contractor's employee"},
'motivation': 'Theft of customer credentials',
'post_incident_analysis': {'root_causes': 'Lack of multifactor '
'authentication'},
'threat_actor': 'ShinyHunters',
'title': 'Supply Chain Breach at Snowflake',
'type': 'Supply Chain Breach',
'vulnerability_exploited': 'Lack of multifactor authentication'}