We’ve got not recognized proof suggesting this exercise was brought on by a vulnerability, misconfiguration, or breach of Snowflake’s platform;
We’ve got not recognized proof suggesting this exercise was brought on by compromised credentials of present or former Snowflake personnel;
This seems to be a focused marketing campaign directed at customers with single-factor authentication;
As a part of this marketing campaign, menace actors have leveraged credentials beforehand bought or obtained via infostealing malware; and
We did discover proof {that a} menace actor obtained private credentials to and accessed demo accounts belonging to a former Snowflake worker. It didn’t include delicate knowledge. Demo accounts will not be linked to Snowflake’s manufacturing or company methods. The entry was doable as a result of the demo account was not behind Okta or Multi-Issue Authentication (MFA), in contrast to Snowflake’s company and manufacturing methods.