Close Menu
TechTost
  • AI
  • Apps
  • Crypto
  • Fintech
  • Hardware
  • Media & Entertainment
  • Security
  • Startups
  • Transportation
  • Venture
  • Recommended Essentials
What's Hot

Savi’s app aims to protect consumers from realistic AI scams like kidnappers demanding ransom

This startup brings dealers together to bid on your used car

Claude Cowork expands to mobile and web

Facebook X (Twitter) Instagram
  • About Us
  • Contact Us
  • Privacy Policy
  • Terms and Conditions
  • Disclaimer
Facebook X (Twitter) Instagram
TechTost
Subscribe Now
  • AI

    Claude Cowork expands to mobile and web

    7 July 2026

    The ‘first’ ransomware attack run by AI still needed a human

    7 July 2026

    If you use Google, you train its AI. See how you can opt out.

    6 July 2026

    Amazon will stop accepting new customers for Mechanical Turk

    6 July 2026

    Yes, we use OpenClaw to this day

    5 July 2026
  • Apps

    X adds a video editor to encourage creators to post original content, not stolen reposts

    7 July 2026

    You can now adjust the pace and expressiveness of Siri in the latest iOS 27 beta

    7 July 2026

    Apple is bringing back card payments for Apple Account purchases in India after a four-year hiatus

    6 July 2026

    WhatsApp now allows you to reserve usernames

    5 July 2026

    Podcasting platform Riverside is getting into the newsletter game

    4 July 2026
  • Crypto

    Venice AI goes unicorn with $65M Series A as first privacy AI platform takes off

    1 July 2026

    Crypto Exchange OKX wants AI agents to hire and pay each other

    30 June 2026

    Startup Battlefield 200 applications close today

    27 May 2026

    5 days left: Save up to $410 on Disrupt 2026 passes

    25 May 2026

    As crypto cools, a16z crypto raises $2.2 billion in capital

    6 May 2026
  • Fintech

    India’s payments chief believes artificial intelligence will play a big part in the next era of digital payments development

    28 June 2026

    Early Bird pricing ends tonight for the Founder Summit

    26 June 2026

    4 days left to save up to $190 on Founder Summit 2026

    23 June 2026

    Robinhood’s note on 10% layoffs shows that blaming AI doesn’t cut it

    17 June 2026

    Anthropic’s latest spat with the Trump administration may actually help it, sales figures suggest

    17 June 2026
  • Hardware

    US investors will soon have access to SK Hynix, another memory maker driving the AI ​​boom

    7 July 2026

    Smart glasses maker Even Realities hits $1 billion valuation with $150 million in funding led by Meituan, Tencent

    6 July 2026

    5 office gadgets that can make your work day better

    6 July 2026

    IQM, Europe’s first public quantum company, admits that the future of the technology is uncertain

    3 July 2026

    Thiel Capital’s Jack Selby commits stakes in hot startups like Etched through Arizona connections

    3 July 2026
  • Media & Entertainment

    Netflix invented binge watching. Now he may be over it.

    7 July 2026

    New Google ad imagines a Declaration of Independence written with the help of artificial intelligence

    4 July 2026

    Cloudflare’s new policy pushes AI companies to pay for publishers’ content

    1 July 2026

    Watch out, Amazon: The Kobo eReader now has a Goodreads rival

    29 June 2026

    YouTube Shorts just got even shorter with an update that lets you double the playback speed

    25 June 2026
  • Security

    Canada’s spy agency says it hacked drug traffickers, extremists and a ransomware gang last year

    6 July 2026

    Politician who investigated abuses of wiretapping software on his phone with Pegasus spyware

    3 July 2026

    The US government says it’s been hacked — again

    2 July 2026

    In major privacy victory, Supreme Court rules that geo-trafficking warrants are protected by privacy rights

    29 June 2026

    The Klue hack results in a data breach at several cybersecurity companies

    26 June 2026
  • Startups

    Savi’s app aims to protect consumers from realistic AI scams like kidnappers demanding ransom

    7 July 2026

    Station F emerges as a launch pad for Europe’s hottest AI startups

    6 July 2026

    Your Brand Deserves Its Own Stage — TechCrunch Disrupt 2026 Side Events

    4 July 2026

    The browser wars aren’t about search anymore — here are the best alternatives to Chrome and Safari

    3 July 2026

    Last chance to apply — Startup Battlefield Australia applications close on 6 July

    3 July 2026
  • Transportation

    This startup brings dealers together to bid on your used car

    7 July 2026

    Chevy built an all-American EV truck — why isn’t anyone buying it?

    3 July 2026

    Rivian raises EV sales forecast as second-quarter production ramps up

    3 July 2026

    Lucid Motors CFO steps down as new CEO continues leadership shakeup

    2 July 2026

    Tesla begins testing Cybercab without pedals or steering wheel in Austin

    2 July 2026
  • Venture

    What are bending spoons? The little-known owner of AOL and Vimeo who is now public

    5 July 2026

    After $18B IPO, Bending Spoons Founder Says Success Comes From Minimizing Luck

    2 July 2026

    Bending Spoons defies SaaS slump, up 40% on first day of trading

    2 July 2026

    The DeepMind trio that created a poker AI is now making money for quantitative hedge funds

    1 July 2026

    Patronus AI lands $50 million to create ‘digital worlds’ that stress-test AI agents

    26 June 2026
  • Recommended Essentials
TechTost
You are at:Home»Security»Hundreds of Snowflake customer passwords found online linked to information-stealing malware
Security

Hundreds of Snowflake customer passwords found online linked to information-stealing malware

techtost.comBy techtost.com6 June 202408 Mins Read
Share Facebook Twitter Pinterest LinkedIn Tumblr Email
Hundreds Of Snowflake Customer Passwords Found Online Linked To Information Stealing
Share
Facebook Twitter LinkedIn Pinterest Email

Cloud data analytics company Snowflake is at the center of a recent wave of alleged data thefts as its enterprise customers try to figure out if their cloud data stores have been compromised.

Snowflake helps some of the world’s largest companies – including banks, healthcare providers and technology companies – store and analyze massive amounts of data, such as customer data, in the cloud.

Last week, Australian authorities sounded the alarm saying they were aware of “successful compromises of several companies using Snowflake environments,” without naming the companies. The hackers had claimed on a well-known cybercrime forum that they had stolen hundreds of millions of customer records from Santander Bank and Ticketmaster, two of Snowflake’s biggest customers. Santander confirmed database breach “hosted by a third party provider”, but does not name that provider. On Friday, Live Nation confirmed that its Ticketmaster subsidiary had been hacked and that the stolen database was hosted on Snowflake.

Snowflake recognized in a brief statement that it was aware of “potentially unauthorized access” to a “limited number” of customer accounts, without specifying which ones, but that it found no evidence of a direct breach of its systems. Instead, Snowflake called it a “targeted campaign targeting users with single-factor authentication” and that the hackers used “previously purchased or information-stealing malware” designed to scrape a user’s saved passwords from his computer.

Despite the sensitive data Snowflake maintains about its customers, Snowflake allows each customer to manage the security of their environment and does not automatically enroll or require its customers to use multi-factor authentication or MFA; according to the Snowflake customer documentation. Not enforcing the use of MFA appears to be how cybercriminals allegedly obtained massive amounts of data from some Snowflake customers, some of whom were setting up their environments without the added security measure.

Snowflake admitted that one of its own “demo” accounts was compromised because it was not protected beyond a username and password, but claimed that the account “did not contain any sensitive data”. It is unclear if this stolen demo account has any role in the recent breaches.

TechCrunch this week saw hundreds of alleged Snowflake customer credentials available online for cybercriminals to use as part of hacking campaigns, suggesting that the risk of Snowflake customer account compromises may be much greater than first known.

The credentials were stolen by malware infecting the computers of employees accessing their employer’s Snowflake environment.

Some of the credentials seen by TechCrunch appear to belong to employees at companies known to be customers of Snowflake, including Ticketmaster and Santander, among others. Employees with access to Snowflake include database engineers and data analysts, some of whom report their experience using Snowflake on their LinkedIn pages.

For its part, Snowflake has told customers to immediately enable MFA for their accounts. Until then, Snowflake accounts that don’t enforce the use of MFA to sign in leave their stored data at risk of being compromised by simple attacks like password theft and reuse.

How we checked the data

A source with knowledge of cybercriminal activity directed TechCrunch to a site where would-be attackers can search for lists of credentials stolen from various sources, such as stealing malware on someone’s computer or collecting from previous data breaches. (TechCrunch does not link to the site where stolen credentials are available, so as not to help bad actors.)

In total, TechCrunch has seen more than 500 credentials containing employee usernames and passwords, along with the web addresses of the login pages for the corresponding Snowflake environments.

The exposed credentials appear to be Snowflake environments owned by Santander, Ticketmaster, at least two pharmaceutical giants, a food delivery service, a public freshwater supplier and others. We also saw exposed usernames and passwords allegedly belonging to a former Snowflake employee.

TechCrunch is not naming the former employee because there is no evidence they did anything wrong. (It is ultimately the responsibility of both Snowflake and its customers to implement and enforce security policies that prevent intrusions resulting from the theft of employee credentials.)

We didn’t test for stolen usernames and passwords, as doing so would break the law. Therefore, it is unknown if the credentials are currently in use or if they directly led to account breaches or data theft. Instead, we worked to verify the authenticity of exposed credentials in other ways. This includes checking the individual login pages of the Snowflake environments exposed by the information-stealing malware, which was still active and connected at the time of writing.

The credentials we’ve seen include the employee’s email address (or username), their password, and the unique web address to log into their company’s Snowflake environment. When we checked the web addresses of Snowflake environments — which are often made up of random letters and numbers — we found that registered Snowflake customer login pages are publicly accessible, even if they are not searchable online.

TechCrunch has confirmed that the Snowflake environments correspond to the companies whose employee credentials were compromised. We were able to do this because every login page we checked had two separate options to log in.

One way to sign in is based on Okta, a single sign-on provider that allows Snowflake users to sign in with their company’s corporate credentials using MFA. In our checks, we found that these Snowflake login pages were redirected to the Live Nation (for Ticketmaster) and Santander login pages. We also found a set of credentials belonging to a Snowflake employee whose Okta login page still redirected to an internal Snowflake login page that no longer exists.

The other Snowflake login option allows the user to use only their Snowflake username and password, depending on whether the enterprise customer enforces MFA on the account, as described by Snowflake’s own support documentation. It is these credentials that appear to have been stolen by the malware stealing information from employees’ computers.

It’s unclear exactly when the employees’ credentials were stolen or how long they were online.

There is some evidence to suggest that several employees with access to their company’s Snowflake environments have previously had their computers compromised by information-stealing malware. According to an audit for the breach notification service Have I Been Pwned, several of the corporate email addresses used as usernames to access Snowflake environments were found in a recent data dump containing millions of stolen passwords is scraped from various Telegram channels used to share stolen passwords.

Snowflake spokeswoman Danica Stanczak declined to answer specific questions from TechCrunch, including whether any of its customers’ data was found in the Snowflake employee’s test account. In a statement, Snowflake said it is “suspending some user accounts where there is strong evidence of malicious activity.”

Snowflake added: “Under Snowflake’s shared responsibility model, customers are responsible for enforcing MFA with their users.” The spokesperson said that Snowflake is “looking at all options for enabling MFA, but we have not finalized any plans at this time.”

When reached by email, Live Nation spokeswoman Kaitlyn Henrich had no comment as of press time.

Santander did not respond to a request for comment.

The lack of MFA has resulted in massive breaches

Snowflake’s response so far leaves many questions unanswered and reveals a number of companies that are not reaping the benefits that MFA security provides.

What is clear is that Snowflake bears at least some responsibility for not requiring its users to enable security mode, and now bears the brunt of it — along with its customers.

The data breach at Ticketmaster reportedly involved more than 560 million customer records, according to cybercriminals who advertised the data online. (Live Nation would not comment on how many customers are affected by the breach.) If proven, Ticketmaster would be the largest data breach in the US so far this year and one of the largest in recent history.

Snowflake is the latest company in a series of high-profile security incidents and major data breaches caused by a lack of MFA.

Last year, cybercriminals deleted about 6.9 million customer records from 23andMe accounts that weren’t protected without MFA, prompting the genetic testing company — and its competitors — to require users to enable MFA by default to prevent a repeat attack.

And earlier this year, UnitedHealth-owned health tech giant Change Healthcare admitted hackers broke into its systems and stole massive amounts of sensitive health data from a system not protected by MFA. The healthcare giant has not yet said how many people had their information breached, but said it was likely to affect a “significant percentage of people in America”.


Do you know more about Snowflake account hacks? Getting in touch. To contact this reporter, please contact Signal and WhatsApp at +1 646-755-8849 or via email. You can also send files and documents via SecureDrop.

cloud customer cyber security data breach hundreds informationstealing linked malware online passwords Santander Snowflake TicketMaster
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
Previous ArticleDealt turns retailers into service providers and proves that pivots sometimes work
Next Article Amazon buys Indian video streaming service MX Player
bhanuprakash.cg
techtost.com
  • Website

Related Posts

Canada’s spy agency says it hacked drug traffickers, extremists and a ransomware gang last year

6 July 2026

Politician who investigated abuses of wiretapping software on his phone with Pegasus spyware

3 July 2026

The US government says it’s been hacked — again

2 July 2026
Add A Comment

Leave A Reply Cancel Reply

Don't Miss

Savi’s app aims to protect consumers from realistic AI scams like kidnappers demanding ransom

7 July 2026

This startup brings dealers together to bid on your used car

7 July 2026

Claude Cowork expands to mobile and web

7 July 2026
Stay In Touch
  • Facebook
  • YouTube
  • TikTok
  • WhatsApp
  • Twitter
  • Instagram
Fintech

India’s payments chief believes artificial intelligence will play a big part in the next era of digital payments development

28 June 2026

Early Bird pricing ends tonight for the Founder Summit

26 June 2026

4 days left to save up to $190 on Founder Summit 2026

23 June 2026
Startups

Savi’s app aims to protect consumers from realistic AI scams like kidnappers demanding ransom

Station F emerges as a launch pad for Europe’s hottest AI startups

Your Brand Deserves Its Own Stage — TechCrunch Disrupt 2026 Side Events

© 2026 TechTost. All Rights Reserved
  • About Us
  • Contact Us
  • Privacy Policy
  • Terms and Conditions
  • Disclaimer

Type above and press Enter to search. Press Esc to cancel.