
Pure Storage Reveals Data Breach Following Intense Snowflake Account Hack

Pure Storage has confirmed a data breach following the hacking of their Snowflake account. The incident exposed customer information, but the company assures no financial data was compromised. Discover how this attack highlights the need for organizations to prioritize cybersecurity measures and protect their user data.


Imagine this: you’re a company providing cloud storage systems and services to over 11,000 customers, including big names like Meta, Ford, and NASA. Then, one day, you find out that hackers have breached your security and gained access to some of your customers’ information. That’s exactly what happened to Pure Storage recently.

On Monday, Pure Storage confirmed that attackers had breached their Snowflake workspace, a cloud-based data analytics platform. The company stated that the breach exposed telemetry information, which includes customer names, usernames, and email addresses. However, they emphasized that the attackers did not gain access to any credentials for array access or data stored on customer systems.

“Following a thorough investigation, Pure Storage has confirmed and addressed a security incident involving a third party that had temporarily gained unauthorized access to a single Snowflake data analytics workspace,” the storage company said.

Since the breach, Pure has taken measures to prevent further unauthorized access to its Snowflake workspace. They have also been in contact with their customers and have not found any evidence of malicious activity targeting their systems.

Attackers target Snowflake accounts with stolen credentials

So, how did the attackers breach Pure Storage’s Snowflake workspace? According to a joint advisory by Mandiant and CrowdStrike, the attackers used stolen customer credentials to target Snowflake accounts that lacked multi-factor authentication protection.

Mandiant also linked the Snowflake attacks to a financially motivated threat actor known as UNC5537. They have been active since May 2024 and are responsible for targeting hundreds of organizations worldwide, extorting victims for financial gain.

The attackers gained access to Snowflake customer accounts using credentials stolen in historical infostealer malware infections dating back to 2020. Mandiant revealed that the impacted accounts did not have multi-factor authentication enabled, and in some cases, the stolen credentials were still valid years after they were initially stolen.

“The impacted Snowflake customer instances did not have network allow lists in place to only allow access from trusted locations,” Mandiant said.
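The three conditions reported above (password logins without multi-factor authentication, credentials left unchanged for years, and no network allow list) can be checked against an account inventory. The following is an added example, not code from the article, Mandiant, or Snowflake; the record fields, the sample users and logins, and the 90-day password age limit are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date
from ipaddress import ip_address, ip_network

@dataclass
class User:                      # hypothetical export format, not a Snowflake schema
    name: str
    has_password: bool           # False for SSO-only or key-pair-only users
    mfa_enrolled: bool
    password_last_set: date

# Constructed sample inventory and login records (documentation IP ranges).
USERS = [
    User("etl_svc", True, False, date(2020, 11, 3)),
    User("analyst1", True, True, date(2024, 5, 1)),
    User("sso_only", False, False, date(2021, 1, 1)),
]
ALLOW_LIST = ["192.0.2.0/24"]    # trusted egress range
LOGINS = [
    ("etl_svc", "192.0.2.10"),
    ("etl_svc", "203.0.113.77"),
    ("analyst1", "198.51.100.5"),
]

def audit_users(users, today, max_age_days=90):
    """Flag password users with no MFA or a password older than max_age_days."""
    findings = {}
    for u in users:
        if not u.has_password:
            continue             # no password that a stolen credential could replay
        issues = []
        if not u.mfa_enrolled:
            issues.append("no_mfa")
        if (today - u.password_last_set).days > max_age_days:
            issues.append("stale_password")
        if issues:
            findings[u.name] = issues
    return findings

def logins_outside_allow_list(logins, allow_list):
    """Return logins whose source IP is not inside any allow-listed network."""
    if not allow_list:
        return list(logins)      # no allow list means every source is accepted
    nets = [ip_network(cidr) for cidr in allow_list]
    return [(user, ip) for user, ip in logins
            if not any(ip_address(ip) in net for net in nets)]

if __name__ == "__main__":
    print(audit_users(USERS, date(2024, 6, 10)))
    print(logins_outside_allow_list(LOGINS, ALLOW_LIST))
```
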

UNC5537’s Snowflake attack spree

Mandiant has so far identified hundreds of Snowflake customer credentials exposed in various infostealer malware attacks. Snowflake and Mandiant have notified approximately 165 organizations that could have been exposed to these ongoing attacks.

Not much information is publicly available about UNC5537, but we’ve learned that they are part of a larger community of threat actors who collaborate on attacks through websites, Telegram, and Discord servers.

Recent breaches at Santander, Ticketmaster, and QuoteWizard/LendingTree have also been linked to these ongoing Snowflake attacks. In fact, Ticketmaster’s parent company, Live Nation, confirmed a data breach after its Snowflake account was compromised on May 20.

Currently, a threat actor is selling 3TB of data from automotive aftermarket parts provider Advance Auto Parts. The data allegedly includes 380 million customer profiles and 44 million loyalty/gas card numbers with customer details, stolen after the company’s Snowflake account was breached.

Don’t be the next victim

The Pure Storage breach and other Snowflake attacks are a stark reminder of the importance of cybersecurity. With threat actors like UNC5537 continually targeting organizations, it’s crucial to stay informed and take proactive measures to protect your data and systems.

That’s where we come in. As IT Services experts, we are here to help you navigate the complex world of cybersecurity. Whether you need advice on implementing multi-factor authentication, setting up network allow lists, or just staying up-to-date on the latest threats, don’t hesitate to reach out to us.

Together, we can ensure that you’re well-equipped to face the ever-evolving landscape of cyber threats. So, contact us today and keep coming back to learn more about how you can protect your organization from attacks like these.


Breaking the Silence: Cylance Confirms Data Breach Tied to a “Third-Party” Platform



Picture this: you’re sitting in a coffee shop, minding your own business, when suddenly, the door bursts open and someone yells, “There’s a thief among us!” Everyone freezes, and you can feel the tension in the air. Now, imagine that the coffee shop is the world of cybersecurity, and the thief is a data breach. This is what happened recently when Cylance, a leading cybersecurity company, confirmed a data breach linked to a “third-party” platform. Let’s dive into the details, and more importantly, what this means for you and the future of cybersecurity.



What Happened at Cylance?



According to Cylance, the breach occurred on an unnamed third-party platform, and they acted quickly to contain the situation. The company stated that no Cylance systems or products were compromised, but the exact extent of the breach is still under investigation. They’re working closely with law enforcement agencies and third-party cybersecurity experts to determine the full extent of the damage.



To be clear, this is not a small issue. Cylance is one of the leading cybersecurity companies in the world, boasting a client base that includes Fortune 100 companies and government agencies. The fact that a breach occurred on their watch raises some serious questions about the state of security in the digital age.



An Eye-Opening Reality



This data breach serves as a stark reminder that even the experts aren’t immune to the risks of cybercrime. The reality is, cybercriminals are becoming more sophisticated and relentless in their efforts to infiltrate networks and steal sensitive data. In fact, since the beginning of the COVID-19 pandemic, there has been a 600% increase in cybercrime, according to the United Nations.



As the world becomes more interconnected through technology, the stakes are higher than ever. A single breach can have far-reaching consequences, from financial ruin to the erosion of trust in the companies and institutions we rely on daily. In other words, the coffee shop thief doesn’t just steal your wallet; they can topple the entire house of cards.



What Can You Do to Protect Yourself?



First and foremost, it’s essential to stay informed about the latest cybersecurity threats and best practices for safeguarding your digital assets. Knowledge is power, and staying one step ahead of the cybercriminals is crucial in this high-stakes game of cat and mouse.



Additionally, investing in comprehensive cybersecurity solutions for your home and business is a smart move. This includes antivirus software, firewalls, and secure password management tools. Remember, prevention is always better than cure.



Stay Informed and Stay Safe



As the Cylance data breach unfolds, we’ll keep you updated with the latest information and insights. Our mission is to help you navigate the complex, ever-changing landscape of cybersecurity, and empower you to protect your digital world.



Don’t let the coffee shop thief catch you off guard. Reach out to us, stay informed, and together, we’ll weather this storm and emerge stronger and more resilient than ever.


Schneider Electric Confirms Dev Platform Breach: Hacker Seizes Sensitive Data in Bold Cyberattack

Schneider Electric has confirmed that its developer platform suffered a data breach, resulting in unauthorized access to product security vulnerability details. The breach was discovered on 10 August, after a hacker claimed to have stolen the data. Schneider Electric is working with security researchers to identify the individual responsible and the extent of the breach.


Imagine waking up one morning to find out that your entire database has been hacked, and critical information is now held hostage by a group of cybercriminals. That’s precisely what happened to Schneider Electric, a French multinational corporation known for its energy and automation products.

Unauthorized access to Schneider Electric’s data

A threat actor, who goes by the name “Grep,” recently taunted Schneider Electric on X, indicating they had breached the company’s systems. They claimed to have accessed Schneider Electric’s JIRA server using exposed credentials and scraped 400k rows of user data, including 75,000 unique email addresses and full names of the company’s employees and customers.

Schneider Electric confirmed the breach, stating that they were investigating a cybersecurity incident involving unauthorized access to one of their internal project execution tracking platforms. The company assured that its products and services remain unaffected by the breach.

A new hacking group emerges

Grep revealed to us that they had recently formed a new hacking group called the International Contract Agency (ICA), named after the game Hitman: Codename 47. Initially, the group didn’t extort companies they breached. However, upon discovering that the “ICA” name was associated with a group of Islamic terrorists, the threat actors rebranded themselves as the Hellcat ransomware gang and began developing an encryptor for future extortion attacks.

Extortion demands and a history of breaches

Grep is now extorting Schneider Electric, demanding $125,000 not to leak the stolen data and half of that amount if the company releases an official statement. This isn’t the first time Schneider Electric has faced a cybersecurity breach. Earlier this year, its “Sustainability Business” division fell victim to a Cactus ransomware attack, where the threat actors claimed to have stolen terabytes of data.

Don’t let this happen to you

As technology advances, so do the methods and tactics employed by cybercriminals. It’s essential to take cybersecurity seriously and invest in the right tools and strategies to protect your valuable data. Don’t wait until you become the next Schneider Electric. Instead, take action now to secure your digital assets and prevent a potential breach.

Keep coming back to learn more about the latest cybersecurity trends, tips, and best practices. We’re here to help you stay informed and protect your business from the ever-evolving world of cyber threats.


Cisco Ensures DevHub Site Leak Won’t Empower Future Breaches

Cisco has assured customers that a recent data leak from its DevHub site will not enable future cyber breaches. The leak exposed sensitive information, including users’ API keys, but Cisco has taken the necessary steps to mitigate the potential risks and protect its users’ security.


Recently, a threat actor managed to download non-public files from a misconfigured public-facing DevHub portal. Although this sounds alarming, we want to reassure you that the exposed documents do not contain information that could be exploited in future breaches of our systems.

What exactly was exposed?

Upon analyzing the exposed documents, we found that their contents include data that we publish for customers and other DevHub users. However, files that shouldn’t have been made public were also available, some belonging to CX Professional Services customers.

“So far, in our research, we’ve determined that a limited set of CX Professional Services customers had files included and we notified them directly,” we said.

Our teams have worked diligently to assess the content of those files. We want to emphasize that we have not identified any information in the content that an actor could have used to access any of our production or enterprise environments.

What actions have we taken?

We have since corrected the configuration and restored public access to the DevHub site. Additionally, we’ve confirmed that web search engines did not index the exposed documents.

This update comes after we confirmed last month that we took our public DevHub site offline (a resource center for customers where we publish software code, templates, and scripts) after a threat actor leaked what we described at the time as “non-public” data.

It’s important to note that we found no evidence that any financial data or personal information had been exposed or stolen from the public DevHub portal before it was taken offline.

What about the alleged access to a developer environment?

The threat actor behind the leak, IntelBroker, claimed that they also gained access to a Cisco JFrog developer environment through an exposed API token. While we maintain that our systems haven’t been breached, information shared by the threat actor indicates that they also breached a third-party development environment, allowing them to steal data.

We’ve been contacted with further questions about IntelBroker’s claims, but we have not replied as of yet.

What’s the takeaway from all of this?

While the exposure of non-public files is a concern, we want to reiterate that the information contained within those files does not put our systems at risk for future breaches. We have taken the necessary steps to correct the configuration issues and restore access to our DevHub site, ensuring that such an incident doesn’t occur again.

As always, your security is our top priority. We encourage you to reach out to us with any questions or concerns, and keep coming back to learn more about how we’re working to protect your data and keep you safe.


Interbank Admits to Data Breach After Unsuccessful Extortion Attempt and Massive Information Leak

Peruvian Interbank confirms a data breach after refusing to pay extortion demands. The hackers leaked customer information, but the bank assures no financial data was compromised. Interbank warns clients of potential phishing attacks and urges them to be cautious when providing personal information.


Imagine waking up one day to find your personal and financial information plastered all over the internet. It’s a nightmare scenario, isn’t it? Well, that’s precisely what happened to a group of customers at Interbank, one of Peru’s leading financial institutions, which serves over 2 million people.

Interbank confirms data breach

Interbank recently confirmed that a data breach occurred, with a hacker gaining unauthorized access to its systems and leaking stolen data online. The bank immediately deployed additional security measures to protect its clients’ operations and information. While their online platforms and mobile app experienced temporary outages, Interbank has assured customers that their deposits are safe and that most of their operations are back online.

Stolen data for sale on hacking forums

As if the breach wasn’t bad enough, a threat actor with the handle “kzoldyck” has been spotted by Dark Web Informer selling the stolen data on several hacking forums. The data in question includes customers’ full names, account IDs, birth dates, addresses, phone numbers, email addresses, IP addresses, and sensitive financial information like credit card numbers, CVV codes, and even plaintext credentials.

The hacker claims to have information on more than 3 million customers, with a total data cache of over 3.7 terabytes. They also mention possessing internal API credentials, LDAP, and Azure credentials. It’s worth noting that the hacker reportedly attempted to extort Interbank’s management two weeks prior, but the bank refused to pay.

So, what can you learn from this?

As a U.S. reader, you might be thinking, “That’s terrible, but it’s in Peru, so it doesn’t affect me.” Unfortunately, that’s not the case. Cybersecurity threats know no borders, and hackers are constantly seeking out new targets. In fact, data breaches have become increasingly common in recent years, with a 2021 report from the Identity Theft Resource Center showing a 17% increase in publicly reported data breaches in the U.S. compared to 2020.

This case serves as a stark reminder that no one is immune to the dangers of cyber threats. It’s essential to stay vigilant and educate yourself on how to protect your personal and financial information. Consider working with IT Services, who can provide you with guidance and resources to stay one step ahead of the hackers.

Don’t let this happen to you

Be proactive in safeguarding your data and take the necessary steps now to protect your information. Reach out to us at IT Services to learn more about how we can help you and your business stay safe in this digital age. Remember, the best defense is a good offense, so don’t wait for a data breach to happen before taking action.


Copyright © 2023 IT Services Network.