Report: Consumer Data From Snowflake Hack Being Sold to Cybercriminals

Consumer data from LendingTree subsidiary QuoteWizard was reportedly stolen by hackers, who are selling it to the highest bidder on cybercriminal forums.

The theft and subsequent sale of stolen data may be part of the incident in which hackers accessed cloud database accounts hosted by Snowflake, Bloomberg reported Thursday (June 20), citing unnamed sources.

LendingTree told Bloomberg that the company is investigating the incident and will notify all impacted customers when that investigation is complete, according to the report.

The company has also said that the breach didn’t affect information linked to LendingTree, that it didn’t affect financial account information of QuoteWizard customers, and that LendingTree is investigating whether the incident was part of the larger hacking campaign that has affected as many as 165 Snowflake clients, per the report.

Snowflake didn’t comment on this report but referred Bloomberg to a June 10 blog post, according to the report.

It was reported on June 10 that a “significant volume of data” was stolen from at least 165 customers of Snowflake in a cyberattack.

The incident was thought to be linked to earlier data breaches at Ticketmaster, Santander Bank and the City of Cleveland.

The cybercriminals behind the Snowflake breach have publicly claimed to be selling stolen data from LendingTree and Advance Auto Parts, which were obtained from their enterprise Snowflake accounts.

On Monday (June 17), it was reported that hackers who targeted Snowflake customers were demanding ransom payments ranging from $300,000 to $5 million from as many as 10 breached companies.

The group had begun auctioning the stolen data on an illegal online forum in an attempt to pressure the affected companies into making ransom payments.

Ninety percent of companies say their cybersecurity risks increased in the last year, according to a survey of compliance professionals published in May by The Wall Street Journal (WSJ).

Nearly all mid-sized businesses — defined in the report as having between $50 million and $1 billion in revenue — said they felt cyber threats had risen.

The WSJ said it surveyed roughly 300 compliance professionals, with a little more than a third of them working in financial services, 13% in professional and business services, and 9% in the technology space.
