QuoteWizard, another Snowflake customer, confirms breach – media


The number of organizations whose Snowflake accounts were breached continues to mount, with loan comparison site LendingTree confirming that its subsidiary QuoteWizard had its data stolen.

The wave of credential-stuffing attacks against cloud provider Snowflake clients has engulfed yet another victim. According to TechCrunch, LendingTree has confirmed that Snowflake notified the company about QuoteWizard, which “may have had data impacted.”

Meanwhile, Snowflake reiterated its earlier position, which shifts the blame towards customers not using multi-factor authentication.

“As an update to our ongoing investigation involving a targeted threat campaign against some Snowflake customer accounts, our most recent findings, supported by cyber experts CrowdStrike and Mandiant, remain unchanged,” Snowflake said.

The Ticketmaster data breach, which exposed 560 million of the company’s customers, likely happened after attackers accessed its Snowflake account. The company confirmed that attackers accessed its “third-party cloud database environment.”

Last week, malicious actors said they had stolen three terabytes of data from Advance Auto Parts, a US-based automotive parts behemoth, via the company’s Snowflake account. The dataset allegedly includes vast amounts of information, including 380 million customer profiles.

Snowflake boasts numerous prominent clients such as Mastercard, AT&T, ExxonMobil, Cisco, Adobe, CapitalOne, Doordash, Roku, EA, Siemens, Kraft Heinz, and others.