HackerTrans
TopNewTrendsCommentsPastAskShowJobs

BlackNitrogen

no profile record

comments

BlackNitrogen
·2 anni fa·discuss
The OP Hudson Rock writes something that I understand is saying: This was more than a breach of one customer's credentials, they got some employee creds and they weren't protected by 2 factor so they got into other customer accounts using that engineer's creds.

The snowflake writeup reads to me as if a customer's account creds got compromised - and it implied to me that was the end of it, no central or other account access on thoes creds. Nothing about this use of some employee account info that didn't have 2 factor auth on it.

1. I'm sure snowflake wants all access creds of any kind for their internal employees to use 2fa.

2. It used to be at least as a customer you could create a name/password without 2fa to log in to your own info there if you wanted to, like say as a customer you create a db or table and want to access it.
BlackNitrogen
·3 anni fa·discuss
That's just such an example of how it works. "Our employees are in high cost of living areas, missing earnings will be demoralizing". If you worked in a large corp for a while, you notice this happening. Everyone is incentivized to hit short term goals.