Three primary factors led to the successful takeover we're seeing today. Guess now, before reading the following:

1. The impacted accounts were not configured with multi-factor authentication enabled, meaning successful authentication only required a valid username and password.
2. Credentials identified in infostealer malware output were still valid, in some cases years after they were stolen, and had not been rotated or updated.
3. Finally, the impacted Snowflake customer instances did not have network allow lists in place to only allow access from trusted locations.

The article indicates that there are at least 165 customers affected by this potential breach, and that says a lot for 4 years of activity.
Santander is one of Spain's largest banks, and they were owned. But they have neither acknowledged nor denied the claim.
The biggest takeaway is that none of the accounts had multi-factor authentication turned on.
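
To check your own accounts against the three factors listed above, here is an added example (not from the article or from Snowflake) that audits an account inventory and shows which accounts a stolen username and password alone would open. The inventory, its field names, the 90-day rotation threshold and the IP addresses are all constructed assumptions.

```python
from datetime import date
from ipaddress import ip_address, ip_network

MAX_PASSWORD_AGE_DAYS = 90  # assumed rotation policy, not from the article

# Constructed inventory; field names are hypothetical, not a Snowflake schema.
ACCOUNTS = [
    {"name": "etl_svc", "mfa_enabled": False,
     "password_last_set": date(2020, 11, 3), "allowed_cidrs": []},
    {"name": "analyst1", "mfa_enabled": True,
     "password_last_set": date(2024, 4, 20), "allowed_cidrs": ["203.0.113.0/24"]},
    {"name": "dba_admin", "mfa_enabled": False,
     "password_last_set": date(2024, 5, 1), "allowed_cidrs": ["198.51.100.0/24"]},
]

def audit(account, today):
    """Return which of the three factors apply to one account."""
    findings = []
    if not account["mfa_enabled"]:
        findings.append("no_mfa")
    if (today - account["password_last_set"]).days > MAX_PASSWORD_AGE_DAYS:
        findings.append("stale_password")
    if not account["allowed_cidrs"]:
        findings.append("no_network_allow_list")
    return findings

def password_only_login_succeeds(account, source_ip):
    """Would a valid username and password alone, sent from source_ip, get in?"""
    if account["mfa_enabled"]:
        return False  # a second factor is still required
    cidrs = account["allowed_cidrs"]
    if cidrs and not any(ip_address(source_ip) in ip_network(c) for c in cidrs):
        return False  # the allow list rejects the untrusted location
    return True

def report(today, source_ip):
    """Map each account name to (findings, exposed-to-password-only-login)."""
    return {a["name"]: (audit(a, today), password_only_login_succeeds(a, source_ip))
            for a in ACCOUNTS}

if __name__ == "__main__":
    # Constructed audit date and an untrusted source address.
    for name, (findings, exposed) in report(date(2024, 6, 10), "192.0.2.77").items():
        print(f"{name:10} exposed={exposed!s:5} findings={findings}")
```

Only the account with all three gaps is reachable from the untrusted address; either MFA or an allow list on its own closes that path for the other two.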