this post was submitted on 04 Jun 2024
63 points (94.4% liked)

Technology

59108 readers
3215 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

So apparently the hackers targeted Snowflake customers, Ticketmaster Santander etc, who FOR SOME REASON, DIDN'T HAVE 2FA TURNED ON ON THEIR SNOWFLAKE ACCOUNT?! HUH!!?

top 2 comments
sorted by: hot top controversial new old
[–] baru@lemmy.world 8 points 5 months ago* (last edited 5 months ago) (1 children)

In the EU any bank requires customers to use 2FA. Dutch customs requires critical logistics companies to use 2FA (amongst other stuff).

From what I recall critical companies must address likely methods to breach their security. It is highly likely that a company will get loads of attempts to check. Similarly, a critical company is expected to deal with employees leaving and ensuring their access is revoked.

From skimming they seem to say that there isn't a breach because an account of an ex-employee was used. But that's too easy, the processes sucked. The way they got in is just one of the things that some EU regulation requires critical companies to address. Same for perhaps not forcing customers to use 2FA. That's crazy.

The EU is usually really slow in regulating things. If they got in using a method that the EU said you had to address then it means you had ages of time and nothing was done.

Really unresponsible. Especially as I think they seem be pretty critical part of the economy.

[–] powerofm@lemmy.ca 4 points 5 months ago

we have not identified evidence suggesting this activity was caused by compromised credentials of current or former Snowflake personnel;

we did find evidence that a threat actor obtained personal credentials to and accessed demo accounts belonging to a former Snowflake employee. It did not contain sensitive data. Demo accounts are not connected to Snowflake’s production or corporate systems.

They're claiming that no breach occured on any production systems. If they were really just demo accounts, then skipping the MFA is understandable.