
How Infostealers Pillaged the World’s Passwords
Wired

For the past two months, cybercriminals have advertised for sale hundreds of millions of customer records from major companies like Ticketmaster, Santander Bank, and AT&T. Each victim company was a customer of the cloud data storage firm Snowflake and was compromised not through a sophisticated hack, but because attackers had login credentials for each victim company’s Snowflake accounts—a data-stealing spree that impacted at least 165 Snowflake customers. “We’ve seen nation-states leverage infostealers, we’ve seen criminals leverage infostealers, and we’ve seen teenage hacking crews leverage infostealers,” says Charles Carmakal, chief technology officer of Google-owned cybersecurity firm Mandiant. If a data dump included working login credentials for a corporate employee’s enterprise accounts, a ransomware gang, business email compromise scammer, or state-backed actor could use the access as a jumping off point to launch their attacks. Platforms like Genesis Market, which was taken down by law enforcement last year, and Russian Market, organize infostealer logs and even make them somewhat searchable so hackers who are looking to target more niche organizations or those who don’t have financial motivations can potentially find exactly what they need.