Snowflake Breach Exposes 165 Customers’ Data in Ongoing Extortion Campaign

165 customers of cloud data warehousing platform Snowflake potentially had their information exposed in a data theft and extortion campaign by threat activity cluster UNC5537. According to Google-owned Mandiant, which assists Snowflake, UNC5537 targets global organizations for financial extortion. There is evidence that UNC5537 comprises members from North America and Turkey. The campaign originates from compromised customer credentials obtained via malware and cybercrime forums. Snowflake is currently working on enhancing its security measures and has urged its customers to enable multi-factor authentication.