Snowflake data theft wave highlights credential hygiene gaps
Multiple Snowflake customers reported large-scale data exfiltration after attackers reused usernames and passwords stolen in unrelated breaches. Because the affected accounts did not have MFA enforced, adversaries scripted logins against customer tenants, enumerated databases and tables, and quietly exported proprietary datasets. Nothing in the platform itself was exploited; valid credentials and a missing second factor were enough.
Organisations that rely on analytics platforms should verify that federated identities, service accounts, and contractor accounts cannot sidestep step-up authentication, and that none of them depend on long-lived passwords or tokens that keep working long after the person or job that needed them is gone.
Prevention playbook:
- Require phishing-resistant MFA for every human Snowflake and SSO account, and enforce it with an account-level authentication policy rather than relying on per-user opt-in. Service accounts that cannot complete MFA should not keep passwords at all: move them to key-pair or OAuth authentication, pin them to known source networks, and rotate their keys.
- Continuously monitor for abnormally large query results, unloads to external stages, logins from unfamiliar IP ranges or client types, and dormant accounts that suddenly read sensitive tables.
- Rotate service-account keys on a schedule and revoke access at offboarding, including for contractors; keep secrets in a managed vault rather than in scripts or CI configuration, and route privileged interactive access through a PAM broker that records sessions.
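The following Snowflake SQL is an added example illustrating the playbook above; it is not taken from the reports or from Snowflake's own guidance. Policy names (`hardened_humans`, `service_keypair_only`, `etl_egress_only`), the placeholder user `etl_loader`, the CIDR range, and the 7-day, 90-day and size thresholds are all assumptions to adapt to your tenant. The first part hardens authentication; the rest queries the `SNOWFLAKE.ACCOUNT_USAGE` views for the three signals the monitoring step calls out.

```sql
-- Added example, not from the original article. Object names, CIDRs and
-- thresholds below are assumptions.

-- 1. Humans: account-level policy allowing SSO or MFA-backed password logins
--    only, and forcing MFA enrolment for anyone still on a password.
CREATE OR REPLACE AUTHENTICATION POLICY hardened_humans
  AUTHENTICATION_METHODS     = ('SAML', 'PASSWORD')
  MFA_AUTHENTICATION_METHODS = ('PASSWORD')
  MFA_ENROLLMENT             = REQUIRED
  CLIENT_TYPES               = ('SNOWFLAKE_UI', 'DRIVERS', 'SNOWSQL');
ALTER ACCOUNT SET AUTHENTICATION POLICY hardened_humans;

-- 2. Service accounts: key-pair only (no password to steal) and a network
--    policy pinning the placeholder user etl_loader to an assumed egress range.
CREATE OR REPLACE AUTHENTICATION POLICY service_keypair_only
  AUTHENTICATION_METHODS = ('KEYPAIR');
CREATE OR REPLACE NETWORK POLICY etl_egress_only
  ALLOWED_IP_LIST = ('203.0.113.0/24');
ALTER USER etl_loader SET AUTHENTICATION POLICY service_keypair_only;
ALTER USER etl_loader SET NETWORK_POLICY = etl_egress_only;

-- 3. Detection: successful password logins with no second factor in the last
--    7 days, i.e. the exact access path used in the incident.
SELECT event_timestamp, user_name, client_ip, reported_client_type
FROM   snowflake.account_usage.login_history
WHERE  is_success = 'YES'
  AND  first_authentication_factor = 'PASSWORD'
  AND  second_authentication_factor IS NULL
  AND  event_timestamp >= DATEADD(day, -7, CURRENT_TIMESTAMP())
ORDER BY event_timestamp DESC;

-- 4. Detection: dormant accounts reactivated. A successful login more than
--    90 days (assumed threshold) after that user's previous success.
WITH logins AS (
  SELECT user_name, event_timestamp, client_ip,
         LAG(event_timestamp) OVER (PARTITION BY user_name
                                    ORDER BY event_timestamp) AS prev_login
  FROM   snowflake.account_usage.login_history
  WHERE  is_success = 'YES'
)
SELECT user_name, prev_login, event_timestamp AS reactivated_at, client_ip
FROM   logins
WHERE  prev_login IS NOT NULL
  AND  DATEDIFF(day, prev_login, event_timestamp) > 90
  AND  event_timestamp >= DATEADD(day, -7, CURRENT_TIMESTAMP())
ORDER BY reactivated_at DESC;

-- 5. Detection: bulk extraction. Successful queries that returned a very large
--    result (assumed thresholds) or unloaded data to a stage via COPY INTO.
SELECT start_time, user_name, role_name, warehouse_name, query_type,
       rows_produced, bytes_written_to_result,
       LEFT(query_text, 200) AS query_snippet
FROM   snowflake.account_usage.query_history
WHERE  start_time >= DATEADD(day, -7, CURRENT_TIMESTAMP())
  AND  execution_status = 'SUCCESS'
  AND  (rows_produced > 1000000
        OR bytes_written_to_result > 1073741824      -- 1 GiB
        OR query_type = 'UNLOAD')
ORDER BY bytes_written_to_result DESC;
```

Two caveats when operationalising this. `ACCOUNT_USAGE` views lag live activity by roughly 45 minutes to a few hours, so alerting on them is retrospective; for near-real-time checks use the `INFORMATION_SCHEMA` table functions or ship the same views to your SIEM on a schedule. And setting an account-level authentication policy requires ACCOUNTADMIN and will lock out any automation still authenticating with a bare password, so run query 3 first to find those principals and migrate them before flipping `MFA_ENROLLMENT` to `REQUIRED`.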