• @kennebel
    link
    English
    256 months ago

    No MFA, and stale passwords up to 4 years old. And they say “anyone can do IT”…

    • @TexasDrunk
      link
      English
      46 months ago

      How much of that is IT and how much is the damn CIO who was appointed because he’s the CEOs wife’s cousin instead of because he knows anything and refuses to change his password?

      But I’m not bitter. At least I didn’t get caught in this one.

  • AutoTL;DRB
    link
    fedilink
    English
    26 months ago

    This is the best summary I could come up with:


    As many as 165 customers of cloud storage provider Snowflake have been compromised by a group that obtained login credentials through information-stealing malware, researchers said Monday.

    On Friday, Lending Tree subsidiary QuoteWizard confirmed it was among the customers notified by Snowflake that it was affected in the incident.

    Lending Tree spokesperson Megan Greuling said the company is in the process of determining whether data stored on Snowflake has been stolen.

    Mandiant’s Monday post said that all the compromises it has tracked so far were the result of login credentials for Snowflake accounts being stolen by infostealer malware and stored in vast logs, sometimes for years at a time.

    These credentials were primarily obtained from multiple infostealer malware campaigns that infected non-Snowflake owned systems.

    The threat actor has subsequently begun to extort many of the victims directly and is actively attempting to sell the stolen customer data on recognized cybercriminal forums.


    The original article contains 430 words, the summary contains 150 words. Saved 65%. I’m a bot and I’m open source!