It’s mostly AT&Ts fault but it’s sort of a side effect of Snowflake making their product easy to use and most of the industry overlooking credential reuse risks.
Databases are not historically internet facing so data compromise also meant getting network access. But Snowflake provided web access to your database so they were “easy to use” database as a service (“cloud data warehouse”). Snowflake did not offer you a way to host data within your network or within your dedicated subnets within a cloud provider, so companies could not solely rely on those networking barriers to limit malicious counterparties.
Snowflake has apparently begun requiring MFA for new accounts since this incident I’ve heard. If shutting the gate after the horses have left implies culpability, Snowflake has some.
Perhaps that's not the whole story, but if true then blame certainly lies with AT&T to a significant degree.