Fallout Expands From Breaches of Customer Databases on Snowflake Platform

Todd Faulk, Senior Editor
Published on: June 11, 2024

The financial services company LendingTree has confirmed that its subsidiary, QuoteWizard, may have been affected by the recent breaches of customer databases hosted on the Snowflake platform.

On June 7, a spokesman for LendingTree said, “We take these matters seriously, and immediately after hearing from [Snowflake] launched an internal investigation. That investigation is ongoing. As of this time, it does not appear that consumer financial account information was impacted, nor information of the parent entity, LendingTree.”

Other reporting seems to belie that statement. On June 1, a hacker claimed on the cybercriminal platform BreachForums that they had stolen the personal data of 190 million QuoteWizard customers and were demanding a $2 million ransom for its safe return. The data supposedly includes customer details, insurance quotes, and partial credit card numbers.

The same hacker also claims to have stolen from a Snowflake database information belonging to 380 million customers of Advance Auto Parts, the giant auto parts retail chain. One researcher verified that at least some of the data in the stolen database is legitimate. The company said it was investigating the claim.

Snowflake has reportedly advised approximately 165 companies that host databases on its platform that their customer information may have been accessed by unauthorized parties in the recent cyberattacks.

The company still maintains that its platform has not been compromised and that a threat actor or actors instead obtained the credentials for the customer databases from other sources. It says it is working with all its clients to strengthen their login credentials and to use multi-factor authentication.

“We are also developing a plan to require our customers to implement advanced security controls, like multi-factor authentication (MFA) or network policies, especially for privileged Snowflake customer accounts,” said Brad Jones, an official from Snowflake.

On June 3, the US Cybersecurity & Infrastructure Security Agency (CISA) issued an alert advising all Snowflake customers that cyberattacks against the platform have increased and that they should immediately upgrade their security measures and look for malicious activity affecting their Snowflake databases.[1]


[1] https://www.cisa.gov/news-events/alerts/2024/06/03/snowflake-recommends-customers-take-steps-prevent-unauthorized-access
