The Snowflake Cloud Data Leak
- Published: Aug 27, 2024
- In this video I discuss the Snowflake cloud data breach incident that has impacted AT&T, Santander Bank, Ticketmaster, and many other companies.
Babe wake up new data breach just dropped
😂😂
😂
Every other day?
Bobby, don't pull out please, it feels so good baby! :D :D
Babe go to sleep, it is one more of data breaches.
Isn't this like the fourth time AT&T has had a massive breach?
2nd this year alone
Is it gonna be exponential? See y'all next week 😆
AI is awesome..... for the hackers to impersonate employee's voice and video in real-time. lol
@@BillAnt shit.... i never thought about that... you made a point tho, but i guess if that was the case, they would all be caught already... yet, after the dude breached EUROPOL, sold their data, and got away with it
4th that we know of
So awful we have a credit score at all but one that is tied to forces beyond our control.
How would the companies lending money know who to trust with the money they loan, though?
Not surprising considering that many of the companies want to be like Australia and China. So hence why they have been implementing S.S.C.S. into our society for a decade now and here we are so, I'm not surprised.
Soon everyone will have a "hack score" on how many times our info has been leaked. lol
@@Rightly_Divided from their actual interactions with you? how do you know to trust your friends without a social credit score?
@@Rightly_Divided collateral
so this is how i find out my bank got breached huh
2 months late and from youtube
NO email from them confirming nor denying that my data has been breached
last straw, brb changing banks
Typically they don't tell people unless they have evidence of them being directly affected. It's slimy, but it makes sense because they don't want all of their customers to panic
thing is this is the LEAST offensive thing about their cybersecurity
- the password to enter the site has fewer combinations than customers the bank has
- to authorize actions there's a slightly more complex password, but whenever it asks for it it picks half the characters at random to ask, which means they store passwords unhashed
- when you make an online purchase, since the app never works you have to 2fa with a text message, but instead of sending you a code they send A LINK TO A PASSWORD INPUT
@@inakilbss feel like naming names?
@@wtfdid_i_justsee i'm just a user
@@inakilbss Again, when I've made passwords, I usually make up a combination of trying to get over at least 8 to 20 characters, so it makes it much more difficult to enter into the account. I do think that having a USB Key item that unlocks your information would be the better way to access not only your computer, but also your social media account since the password is an encrypted 64 character thing.
If I had a dollar for every time my sensitive info was leaked from a large tech company, I would be making money in a very strange way.
You would be google
@@SilverLining1 lmao
😂
OH BOY can't wait for your next vid.....
It's gonna be great
SAARS
@@maxamps45 DO NOT REDEEM
when the amazon cloud was introduced back in the early 2000's it took us all of 10 minutes to come to the conclusion that letting a 3rd party manage our data was a dumb idea. I think we got it right.
unless you are hosting your own datacenter (from ground up) you automatically allow a third party to manage your data, whether that's a VPS, renting space in someone else's datacenter or renting compute and storage from a cloud provider
so it's not a dumb idea, it's an ok idea, but you still need to follow security practices and such
"... in human history" - glad to hear you acknowledge non-human history might include greater breaches :)
I am Lrrr! Ruler of the planet Omicron Persei 8!
Waiting for the Crowdstrike vid yo to drop...
I used to work for a large company which provided end-user remote tech support which was primarily staffed by contractors through a staffing company. The companies we supported often had locked-down systems, but our own machines were pretty much unrestricted. Our employees were frequently under-trained and irresponsible, and I can 100% see this happening to one of their machines.
If I had $10 for every time my personal data has been leaked in a data breach, I'd be *so* high right now:D
LOL - sounds like me - disposable income MAY =
esoteric psychedelics, etc. ;*[}
i'd have $20
it isn't much but it's strange that it has happened twice.
when shit like this happens I get the urge to go ask my mom to stop paying for the monthly ICloud storage. can't believe we live in a world where Cloud storage is popular and companies can just change TOS whenever they want to fuck us over. we own nothing and we are forced to be okay with that.
Fireproof safe + some harddrives / SSDs would be good enough. Plus you own it!
this incident has nothing to do with TOSs nor ownership tho, this is billion dollar companies cheaping out on staff with access to millions of customers' data
santander's security has always been absolute garbage so i'm not surprised they wouldn't even demand the contractor use 2FA
Capitalism is a bee-otch
Especially in a world where decommissioned and wiped-clean enterprise SAS HDD is $3.5/TB. Cheap and environmentally friendly; especially for cold storage.
what was leaked is active data, not archived
I died when he said "Interpol honeypot" 😂
Is it really?
@@adediranadeife7903 that’s the joke, people said the new one was a honeypot but they’re actively selling leaks still lol.
@@adediranadeife7903 we won't know unless it gets busted (a-fucking-gain)
Probably is
Not your computer, not your files, remember boys, the cloud is just another man's computer
edit : THANK YOU FOR 400+ LIKES
there's also hybrid cloud
OOH SPOOKY
mate created a google account
cringe
You never owned your computer in the first place, remember boys, the NSA always has a backdoor.
@@AckReikTheGreatest07 libreboot entered chat
@@luigiramirez29 probably backdoored too
Snowflakes are unique like a good encryption pattern, but also extremely fragile at the touch like a server with poor data security.
Indeed. But you know this wasn't a snowflake problem right? AT&T had a user with an insecure password
I wouldn't trust my data to a company with a name like snowflake. They sure live up to their name. lol
@@jxtq27 no they had the credentials in the database along with tons of others to use
@@kingpin3690 Can you be more specific? Who had what credentials in which database? That were used by who?
@jxtq27 i'd never trust an outside company to protect my company's data. There could be insider threats you'd never know about. On premise if you want security
Shiny is no longer administrator BTW, I'd assume this recording is old but as of June 14th, it's now 'Anastasia'
Sus
@2rx_bni If you're talking abt Anastasia then ya, came outta nowhere, 0 posts, 0 threads, -1.2k rep, 0 msgs in Shoutbox after 1 month
Sad. I liked the pokemon profile picture
avg linux user
@@ImNotQualifiedToSayThisBut Umbreon my beloved
Speaking of 2FA and credit agencies, I noticed that 2 out of 3 of the big agencies don't have 2FA for customers, and the third does via SMS only. Shame shame
time to cook, my dude
Thank you. BYOD should not be allowed for federally regulated industries, but Snowflake is a tech company that should've known to push 2FA to its customers. Redditors love Snowflake and this is the end result. Also don't know how they don't have a corporate VPN...Even smaller firms have that!
"...the compromised accounts were not using any kind of multi factor authentication..."
It's 2024, this still happens WAY too often!
About time someone covered the actual cause behind all these recent leaks, I've been trying to post about this in a few comment sections
Funny how people can make videos about topics or subjects but god help you if you try comment about it
I hate living in this digital gulag.
so... what's so great about AI companies again? I thought they were supposed to create money, not have a hand in just dropping it all over the floor...
Patiently waiting for the CrowdStrike video
LMFAO, we all are.
BYOD has always been a terrible idea. My last few companies have required me to use my personal phone for work. Here we have someone using their personal computer for work. Company work should always mean company equipment. I had one situation where I did a phone interview with a potential candidate who pulled up his current employer's source code on his computer to show us his work. All sorts of red flags there. Keep personal and company computing separate ... always!
And I thought the benefit of such clouds would be security, because now you have experts run the system, but no you still need to be a security God to not mess up.
Whenever you use the cloud, your data is basically in the public.
Because we're living through late stage capitalism, I fully expect one of these companies soon to fake a breach, to sell a copy of their database for extra revenue. So long as the cost of being caught * likelihood of being caught < profit why wouldn't they?
my guy thinks in 4d
They already do that feds pay good
They don't care about getting caught as long as the company is treated as a person and liability for people's actions is offloaded on the company
at&t can't catch a break
They can, though; they've caught enough breaches…
They've screwed every one of their customers that I personally know, usually to the tune of thousands. They created a few ghost lines on my account that I couldn't get rid of until I switched providers.
Great content as always man, very informative for those of us a little newer to security
If only MegaCorporations could afford not to exploit feudal style seasonal hired help, maintaining their labor base with dignity and respect, if only 😔
Pov: You're a hiring manager and you have the option to train someone for 0.0001 seconds or hire someone who can say 500 buzz words / minute ( You pick the latter).
This feels like Solarwinds 2.0
It is. Similar kind of company
At this point hacking is now dead.. it's just another hour of browsing for some people 😂
@mentaoutlaw Next Video ?
Thanks for the info!
No. For contractors they should use a VPN and connect to a Virtual Desktop owned and managed by the client. Client resources can only be accessed via the virtual desktop, either by network or conditional access. Data should not be able to be transferred from the contractor's machine and the virtual desktop, even email access should only be via the virtual desktop.
Edit: MFA for access to the virtual desktop.
I disagree. They should use company equipment 100%. Don't allow un-trusted computers to connect ever. This isn't super expensive to do, compared to running a bunch of VMs. Do you expect contractors to provide their own servers? Of course not, that is crazy. Then why would we expect them to provide their own PCs?
@@username7763 You provide the OSE (operating system environment), you can do that virtually or physically. The logistics of the physical option increase costs and lower security as you are increasing the surface area of attack
Edit: second thoughts on " and lower security as you are increasing the surface area of attack." that is moot at best :)
@@username7763 I do agree with you if the risk justifies the expense, banking or national security.
@@username7763 "They should use company equipment 100%." yes a VDI is 100% company equipment that is my point.
@@snuscaboose1942 It still involves using a contractor-owned computer connecting to the network via VPN and accessing the VDI. This data leak happened due to malware stealing credentials which can happen in the scenario you describe. It doesn't solve it, it just makes things more complicated.
Got an ad for migrating away from snowflake under this video 😂
I remember working with a company that required a couple of security software to be installed on my work machine
After 30 years in this industry as a dev all I can say is it’s such an utter cluster f of greed and so easily solved that i literally can’t believe it every time this crap happens ……
0:40: Outlaw: SAN-TAN-DEHR- BAYNK
Me British Ears: Arghhh!!!!
Why'd you say that like Mr. Krabs
Cus Mr krabs is bri'ish bruv
yo appreciate the update and news
2FA and security to log everywhere... why the hell not every service move to that standard??
I'm happy leaks happen, I'm always curious what's happening behind the scenes
The owner of this channel, Jayson Tatum has a lot of knowledge about security, both digitally and within the NBA
Deep cut, he hasn't made a deep fake in a while
Imma let u finish, but Kenny has one of the best music videos of all time.
I shortly thought you were talking about Tor Snowflakes omg
corps will say to put as much security as possible into these "cloud" services
and then have them dismantled by the simplest rickroll
Everything getting hacked now in days 😭
Wow a lot of likes, that's cool
Now a days*
@@HardPourCorn Maybe they do mean in days, as in way too quickly for any of these companies to have any sort of decent bloody security
@HardPourCorn
Huh
@@SuperLimeWorld That's how that saying normally goes, now a days, as in "in these days", "in the current day" etc
Well, make having the data secure the cheapest option. Take a percentage of the yearly revenue (not profit!) of a company that let the data out (Santander, or what have you). I bet 5% would make *wonders* to their security.
Lirbals when Snowflake 😂 **smashes keyboard on dog**
Just changed my password for att 😢
Make sure to update it in LastPass whilst connected via NordVPN.
Can't be too careful these days.
my data have been leaked so many times in the last few years, i should simply make a post on socialmedia with all my data, it will make no difference 🤣
i wake up 🔁 there is another data leak
“I have nothing to hide!”
@MentalOutlaw, I was really hoping you might address Snowflake's main selling point, "Unsiloed Data Storage". Their biggest selling point, IMO, is essentially insecurity. Siloed data does add hurdles to information sharing between apps and geographical spaces, but when configured correctly, dramatically reduces the scope and scale of any one breach. Snowflake is basically saying, Hey hackers! Here's all your data in ONE PLACE! Just break a single account for any one of our applications and it's all yours!
I'd love to get your take on that.
Boring times in the market are the best times to hold and buy more on every dip.
Stop using cloud base systems, and start using things locally
Cloud based isn't the issue, snowflake can be fully configured to force strong passwords, have sso only, force MFA, force IP whitelist
@@edwardsdean why not just have it monitored locally?
Because then you can't be charged a monthly subscription to access your own info @@kingpin3690
Good day to remember that I don't give my credit card data for long term storage to any service.
Turn off the phone! Claim your privacy
But I can't 😂
Not pragmatic
'You have any idea how much shit requires a phone these dayz?
saint tender bank lol nice vid kenny
Call Sridhar Ramaswamy! the Puppy CEO😂
new vid when
only time I'd store any data in a cloud platform is if they're encrypted with a 75 character password
Lol, you think password would stop anyone? You don't know what bypassing is then.
I had a router that I discovered a vuln for around a decade ago that I can bypass the login prompt and change what i want, people who enable wan management on that router got impacted since google indexes everything out there. Good luck with your password.
Proxmox or some other in-situ VM is a good thing for these contractors to learn if they value their position. Such knowledge should be mandatory for fitness of position. Wish I could write the way I want to, but YouTube keeps eating my words.
At the same time it is not feasible to run an entire os for every program or website you use professionally. Many times you even have to use them together.
Having a 762 credit score those are rookie numbers.
X39 or x51?
Having a credit score is for weebs
Real men don't appear in databases
hey Mental Outlaw, I was wondering if you'd be willing to cover a kind of touchy subject; the guy who shot at Trump.
Why? because the media is absolutely perplexed at how he was able to cover his tracks online, generally a bunch of boomer opinions on it...
I think it would really show people a different perspective (an accurate one)
good take.
They are not tracking UNC5537 for this ‘incident’. UNC is a prefix for any uncategorized threat actor, i.e. don’t know their motivations or affiliation
Contractors are sometimes cheaper than hires, but often they end up costing more. Between contract revisions, missed deadlines, and bad programming, it can get very pricey to cover for them.
Yeah but that looks better for short term profits so it's fine.
-Every single corporation
10:09 amongst us
so that explains why i'm getting random texts advertising "WFH" opportunities.
It’s ok, I’ve had so much fraud hit my cards lately that I have no money and all my cards are new. i’m good.
well if people accessing cloud systems don't do security properly this isn't the cloud's fault but the users'
Snowflake is one of the few Tech companies that Warren Buffet invests in. This might be why LOL
AT&T is LITERALLY the nsa. Wtf 🤣
10:00 Yep, one of my family almost got baited by scammers yesterday if they didn't consult my simple link check for spending online, because they got baited by some random discount by some known actress that is not actually her.
Take care of your friends and family folks. One more thing, from my experience they will do some sussy moves online once or twice a year, so be careful. XD
Damn at first i thought there was an issue with Tor's snowflake bridge
The big on-line services should learn that if data does not exist you cannot steal it .
......oh shit, my work place has an addon for all browsers with a snowflake ❄️ icon.
Although I am critical of the cloud, in this case Snowflake was not the problem, it was just a skill issue from the customers.
They’ll move to cloud sessions workers remote into. Shuffle more money to the hyperscalers.
"Sir, we should make our own cloud infrastructure. It'll be absolutely free because it's open source, but it'll take a week or two to get it running"
"Hmmmmm... I'll think on it..."
"Don't listen to him sir! I have an ONLINE cloud solution!"
"How is it better?"
"It's an AI CLOUD!"
"GENIUS, JENKINS! YOUR SALARY IS NOW $4.7M!"
Actually a pretty good take !
Experian itself is a data broker.
haha data leak? no silly, they just open sourced their LLM training dataset, such a good hearted company, paying respect to the people 🤗
Another thing to disturb my sleep for tonight.
i thought of snowflake as in the tor bridge 😭
I was so scared that this had something to do with TOR's snowflake proxies even though I knew that the proxy wasn't a server. Thank god it's just a rando AI tech company lmao
at least 'this time' it was a data breach and not just being sold to bad actors
data? i hardly know a’
Data? I hardly knew her
Dada? I hardly painter
@@jamad-y7m painter? I hardly knew her.
This is irresponsible and inaccurate. "The snowflake hack" that you refer to is not one hack and it really has nothing to do with snowflake. Yes, snowflake is getting attacked a lot, and one at a time its vulnerable clients are getting owned, and it's probably negligent of them to allow a production account to be secured only with a password, but that's what's going on here. Snowflake didn't get hacked, their customers with insecure passwords did. The words you use matter. Try to be accurate next time.
Then what is getting leaked from snowflake?
@@battokizu my understanding is that an AT&T employee's password was compromised
Snowflake itself has not been hacked, its clients are using it in insecure ways
Another L for online fiat banking
Adding 2FA isn't that hard - especially if you use a third party cloud vendor e.g. Duo, rather than "send me a text and I'll type in the code"
Well said.
They're not being hacked, they just sell the data, wait a bit and then say "We got haxx0red, sowwy! pls update your passowords :)"