Hacker News new | ask | show | jobs
by NameError 745 days ago
This article is claiming that the Ticketmaster breach from a few days ago was actually a much broader hack affecting 400+ companies, all through a Snowflake employee's stolen credentials. This seems like a pretty big story that's only being reported on hudsonrock.com now.

I haven't heard of Hudson Rock before, does anyone know if they are a reputable source?
3 comments
richbell 745 days ago
> I haven't heard of Hudson Rock before, does anyone know if they are a reputable source?

I first learned of Hudson Rock after their "CEO" started spamming every security-related subreddit with low-effort blogspam over a period of months alleging numerous breaches. They've had several accounts banned, both by Reddit moderators and administrators.

Personally, I would no consider them a reputable or reliable source.

link
proactivesvcs 745 days ago
BBC News report of a substantial hack of Santander bank; linked to Snowflake. https://www.bbc.co.uk/news/articles/c6ppv06e3n8o
link
dralley 745 days ago
BBC just linked back to Hudson Rock's allegation FWIW, they don't have any independent confirmation
link
WhackyIdeas 745 days ago
Great, so these companies do not give a flying fuck about their customer data in making sure the data stored at cloud storage companies are end to end encrypted.

To think these random cloud storage companies can access your bank information is utterly shocking.

link
squigz 745 days ago
> To think these random cloud storage companies can access your bank information is utterly shocking.

Honestly this sort of thing shouldn't be shocking at all.

link
Johnny555 745 days ago
It’s been a while since I’ve been a Snowflake customer, but I do recall that Snowflake has a mode where the customer owns their own encryption key for their data. Snowflake employees (even admins with the highest access) have no access to the customer’s data unless the customer grants explicit access. It’d take a pretty serious breach on their compute notes to exfiltrate data.

https://docs.snowflake.com/en/user-guide/security-encryption...

link
oasisbob 745 days ago
Not surprised at all. Doesn't even depend on cloud vendors - I'm thinking back to the 2023 MOVEit vulnerability which resulted in the release of a ton of customer info from banks' own internal infrastructure.
link
halfcat 745 days ago
Can a tool like Snowflake work if it doesn’t have access to the unencrypted data?
link
orthecreedence 745 days ago
No. E2E encryption doesn't really apply here.
link
elvisizer 745 days ago
lol everyone in this thread is wrong about everything basically.
link
dnate 745 days ago
Let them be enraged. Great time to buy more SNOW :D
link
ransom1538 745 days ago
Snowflake employees need time to sell off all their shares. This news will hurt the SNOW stock price big.
link