Snowflake apparently has a big cybersecurity problem but auditor PwC never warned anyone

Snowflake is being cagey about a reportedly massive cyber incident. Maybe it's getting advice from the firm, PwC, that should have caught the weakness and reported it.

On May 31 journalist Emma Roth at media outlet The Verge, which says it focuses on "technology and how it makes us feel”, filed the following story:

Massive Ticketmaster, Santander data breaches linked to Snowflake cloud storage

A data breach potentially affecting as many as 560 million Ticketmaster accounts and a confirmed one for Santander Bank may have stemmed from attacks on the cloud storage accounts with a company called Snowflake. As spotted by Bleeping Computer, an investigation from cybersecurity firm Hudson Rock reports that a bad actor gained access to Ticketmaster and Santander by using the stolen credentials of a single Snowflake employee.

According to Hudson Rock, the hacker bypassed the authentication service Okta using these credentials and then generated session tokens to obtain a trove of information from Snowflake. In addition to Ticketmaster — which publicly acknowledged the breach later on Friday evening — and Santander Bank, Hudson Rock suggests the hacker may have gained access to hundreds of other Snowflake customers. A few of the major brands that use the cloud storage service include AT&T, HP, Instacart, DoorDash, NBCUniversal, and Mastercard.

The report likely made customers of Ticketmaster and Santander, and everyone associated with Snowflake, feel pretty lousy!