Sridhar Ramaswamy, CEO of Snowflake and formerly co-founder and CEO of startup Neeva, speaks at the Collision conference in Toronto on June 21, 2022.
Snowflake has spent the past seven weeks dealing with the fallout of a major cyberattack that compromised sensitive customer data at several of its clients. The software company’s problems just got a whole lot worse.
Telecommunications giant AT&T said in a regulatory filing on Friday that hackers tapped into a cloud platform housing customer data, gaining access to records of subscribers’ calls and text messages during a six-month period in 2022. The data includes phone numbers, aggregate call duration and some cell site details, AT&T said in the filing.
An AT&T spokesperson told CNBC that the cloud service was owned by Snowflake. Shares of Snowflake fell 1.8% on Friday, while the Nasdaq rose 0.6%.
It is the most severe incident since Snowflake disclosed the breach on May 30, writing in a blog post at the time, “We became aware of potentially unauthorized access to certain customer accounts on May 23, 2024.” Snowflake enlisted the help of cybersecurity software vendor CrowdStrike and Alphabet’s Mandiant to investigate.
Mandiant wrote in a blog post last month that, through its “Victim Notification Program,” the company and Snowflake have alerted 165 “potentially exposed organizations” to the incident. Mandiant blamed the hack on a financially motivated group it calls UNC5537, with members in North America and Turkey. UNC5537 drew on login credentials that had been available online after they had been stolen separately using malware.
Prior to Friday, the most notable companies connected to the Snowflake breach were Advance Auto Parts, LendingTree, Ticketmaster operator Live Nation and Santander Bank, which said in mid-May, prior to Snowflake’s disclosure, “We recently became aware of an unauthorized access to a Santander database hosted by a third-party provider.”
AT&T is much bigger. The company had 242 million customers for its U.S. wireless mobility services at the end of last year, with 128 million connected devices.
The carrier said data in the breach involves “nearly all of AT&T’s wireless customers and customers of mobile virtual network operators” using its wireless network.
“While the data does not include customer names, there are often ways, using publicly available online tools, to find the name associated with a specific telephone number,” AT&T wrote. Attackers did not get access to the content of calls or texts.
A Snowflake spokesperson did not provide a comment when asked about the AT&T hack. The spokesperson pointed to the company’s prior statements about the attack.
Mandiant said in its blog post that some of the malware infections in Snowflake’s systems date to 2020, and the credentials were, in some cases, still valid years after being stolen. In certain instances, the credentials had been taken on PCs used by contractors for…