In early June 2024, a threat actor using the alias Sp1d3r put a database up for sale on the dark web, claiming that it belonged to the Los Angeles Unified School District (LAUSD) and had been stolen from his Snowflake account.
The hacker asked for $150,000 for the archive, which contained student names, addresses, last names, demographics, financial data, grades, achievement scores, disability information, discipline records and parent information.
Now, a month later, the organization has confirmed the authenticity of the threat actor’s claims, potentially putting millions of students at risk.
Credential filling
“Through its extensive and ongoing investigation, the district has determined that the data in question was maintained by one or more of Los Angeles Unified’s third-party vendors on Snowflake, a cloud-based platform used for massive data storage, and appears to have been stolen in a manner consistent with recently publicized thefts involving numerous Snowflake accounts,” the LAUSD said in a statement BleepingComputer.
“To date, the district’s ongoing investigation has revealed no evidence of any compromise in our systems or networks; however, investigation into the scope and extent of affected data is ongoing.”
Sp1d3r recently put up numerous databases for sale, all apparently stolen from Snowflake: Ticketmaster, Santander Bank, Advance Auto Parts, Pure Storage and others. Snowflake’s initial report, conducted jointly with Mandiant and Crowdstrike, claims that the infrastructure is intact and that the attacker has managed to break into these accounts using brute force and credential stuffing, trying out username/password combinations found elsewhere were stolen, against accounts that had not. multi-factor authentication (MFA) set up.
LAUSD said it has notified relevant authorities and law enforcement agencies and is actively cooperating with the FBI, CISA and its vendors as the incident is thoroughly investigated.
Sp1d3r says it has 11 GB of sensitive data, including 26 million records of student information, more than 24,000 teacher records, and about 500 employee information. The going price for the archive was $1,000.