What happened
Multiple Snowflake customers were hit in data theft attacks after threat actors breached a SaaS integrations company and used its access to reach customer environments. The incident involved Babel Street, a U.S.-based data analytics firm, whose systems were breached in late March. Attackers reportedly stole credentials from the company’s infrastructure and then used that access to target connected customer environments, including some hosted in Snowflake. The report says the intrusions led to unauthorized access and data theft affecting several customers. Snowflake said the activity was not caused by a vulnerability in its platform and described the issue as part of a broader third-party compromise. The company also said affected customers have been notified and that it is working with them on investigation and response.
Who is affected
The direct exposure affects Snowflake customers whose environments were connected to the breached SaaS integrator and whose data may have been accessed or stolen through that trust relationship. The incident also affects Babel Street, whose compromise became the path used to reach downstream customer environments.
Why CISOs should care
This matters because the attack path did not begin with a flaw in the customer environment or in Snowflake itself. It began with compromise of a connected service provider that held privileged access into downstream systems. That makes the incident a reminder that integrations, service accounts, and partner access can become high-impact trust dependencies even when core platforms remain secure.
3 practical actions
- Review third-party integration privileges: Identify which service providers and integration platforms hold access into sensitive cloud environments, especially where those connections can reach data stores directly.
- Rotate and scope exposed credentials fast: Treat credentials and tokens held by connected providers as potential compromise points and move quickly to rotate them if a partner breach occurs.
- Map downstream blast radius before the next incident: Make sure incident response plans can quickly determine which customer environments, datasets, and service accounts are reachable through a compromised third-party integration.
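The blast-radius mapping in the third action can be prototyped as a graph walk over an access inventory. The following is an added example, not part of the original report: the grant rows are constructed, every integration, account, role and table name is hypothetical, and the four-column row shape is an assumption modelled on role-based access control rather than any platform's actual export format.

```python
from collections import defaultdict, deque

# Constructed sample inventory (not real data); every name is hypothetical.
# Row shape (assumed): (grantee_type, grantee, granted_type, granted_name).
GRANTS = [
    ("INTEGRATION", "vendor_connector", "USER", "SVC_VENDOR_SYNC"),
    ("INTEGRATION", "bi_dashboard", "USER", "SVC_BI_READ"),
    ("USER", "SVC_VENDOR_SYNC", "ROLE", "VENDOR_LOADER"),
    ("USER", "SVC_BI_READ", "ROLE", "REPORTING_RO"),
    ("ROLE", "VENDOR_LOADER", "ROLE", "RAW_READER"),   # role inheritance
    ("ROLE", "VENDOR_LOADER", "TABLE", "RAW.CRM.CONTACTS"),
    ("ROLE", "RAW_READER", "TABLE", "RAW.BILLING.INVOICES"),
    ("ROLE", "REPORTING_RO", "TABLE", "MART.SALES.SUMMARY"),
    ("ROLE", "RAW_READER", "ROLE", "VENDOR_LOADER"),   # cycle: walk must terminate
]

def build_graph(grants):
    """Index grants as edges from each grantee to what it was granted."""
    graph = defaultdict(set)
    for g_type, g_name, t_type, t_name in grants:
        graph[(g_type, g_name)].add((t_type, t_name))
    return graph

def blast_radius(grants, integration):
    """Everything reachable from one integration, grouped by object type."""
    graph = build_graph(grants)
    start = ("INTEGRATION", integration)
    seen, queue = {start}, deque([start])
    while queue:  # breadth-first walk; 'seen' guards against role cycles
        node = queue.popleft()
        for nxt in graph.get(node, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    reached = defaultdict(list)
    for kind, name in sorted(seen - {start}):
        reached[kind].append(name)
    return dict(reached)

def credentials_to_rotate(grants, integration):
    """Service accounts whose secrets the integration holds."""
    return blast_radius(grants, integration).get("USER", [])

def integrations_reaching(grants, dataset):
    """Reverse question: which integrations can reach a given dataset?"""
    names = {g[1] for g in grants if g[0] == "INTEGRATION"}
    return sorted(n for n in names if dataset in blast_radius(grants, n).get("TABLE", []))

if __name__ == "__main__":
    for kind, names in blast_radius(GRANTS, "vendor_connector").items():
        print(f"{kind}: {', '.join(names)}")
```

The inherited role is what makes the second table reachable, which is the kind of indirect exposure a flat list of direct grants would miss.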
