Cybersecurity

Hackers Demand as Much as $5 Million From Snowflake Clients

As many as 10 companies are being extorted with stolen data
Scammers previously made death threats against researchers

The hacking group used stolen login details to access the Snowflake accounts of as many as 165 customers.
Photographer: Gabby Jones/Bloomberg

Provide news feedback or report an error

Confidential tip?

Send a tip to our reporters

Site feedback:

Take our Survey

By Charles Gorrivan, Margi Murphy, and Brody Ford

June 17, 2024 at 5:52 PM UTC

Updated on

June 17, 2024 at 6:51 PM UTC

This article is for subscribers only.

Cybercriminals are demanding payments of between $300,000 and $5 million apiece from as many as 10 companies breached in a campaign that targeted Snowflake Inc. customers, according to a security firm helping with the investigation.

The hacking scheme has entered a “new stage” as the gang looks to profit from the most valuable information it has stolen, said Austin Larsen, a senior threat analyst at Google’s Mandiant security business, which helped lead Snowflake’s inquiry. That includes auctioning companies’ data on illegal online forums to try to pressure them into making payments, he said.