After Snowflake, Hugging Face reports security breach
by nlqip
![After Snowflake, Hugging Face reports security breach](https://kartwheelnewz.info/wp-content/uploads/2024/06/After-Snowflake-Hugging-Face-reports-security-breach.jpg)
Personal credentials of the demo account of a former employee were obtained and used by the threat actors, specifically, because the account was not behind Okta or Multi-Factor Authentication (MFA), unlike Snowflake’s corporate and production systems, according to Jones.
“The incident playing out at Snowflake is due to the same issue we’re seeing across the market, companies are not incorporating the security of their SaaS applications into their security architectures,” said Brian Soby, chief technology officer and co-founder at AppOmni. “In this case, an attacker simply bought stolen credentials and used them to log in directly to Snowflake’s ServiceNow instance, as it was misconfigured to allow Single Sign On (SSO) to be optional instead of mandatory.”
Threat group ShinyHunters, who recently claimed responsibility for Santander and Ticketmaster breaches, allegedly claimed they stole data from cloud storage company Snowflake after hacking into an employee’s account.
Source link
lol
Personal credentials of the demo account of a former employee were obtained and used by the threat actors, specifically, because the account was not behind Okta or Multi-Factor Authentication (MFA), unlike Snowflake’s corporate and production systems, according to Jones. “The incident playing out at Snowflake is due to the same issue we’re seeing across the…
Recent Posts
- Telegram for Android hit by a zero-day exploit – Week in security with Tony Anscombe
- French Authorities Launch Operation to Remove PlugX Malware from Infected Systems
- Malicious PyPI Package Targets macOS to Steal Google Cloud Credentials
- Secure Boot no more? Leaked key, faulty practices put 900 PC/server models in jeopardy
- Crooks Bypassed Google’s Email Verification to Create Workspace Accounts, Access 3rd-Party Services – Krebs on Security