(Bloomberg) -- Hackers are selling data about consumers of the LendingTree Inc. subsidiary QuoteWizard after the company detected unauthorized access on a cloud database hosted by Snowflake Inc., according to a person familiar with the matter.

There have been several listings of the data on cybercriminal forums, the person said, asking not be named because they weren’t authorized to speak on the matter. The data is being sold to the highest bidder, they said. The hack has had no impact on operations, and LendingTree is still investigating the size and scope of the theft, the person said. Exactly how the information was stolen wasn’t immediately clear. 

“This is an ongoing investigation, and as soon as that investigation is complete we will notify all the impacted customers,” said Arun Sankaran, LendingTree’s chief information security officer. 

LendingTree has said that the breach didn’t affect information linked to the parent company or financial account information of QuoteWizard customers.

LendingTree shares were down 3.3% on Friday, and Snowflake stock fell 1%. 

LendingTree uses cloud data analytics company Snowflake for its business operations and has said it was notified earlier that its QuoteWizard subsidiary may have been affected. LendingTree said on Tuesday that it was investigating whether it was a victim of a larger hacking campaign against Snowflake clients. In that incident, a hacking group used stolen login details to access Snowflake accounts of as many as 165 of the firm’s customers, according to Google’s Mandiant security business. 

“We take these matters seriously, and immediately after hearing from them we launched an internal investigation,” LendingTree spokesperson Megan Greuling said.

Snowflake referred to its June 10 blog post when asked for comment.

(Updates with trading figures in the fifth paragraph.)

©2024 Bloomberg L.P.