Pure Storage Confirms Data Breach Linked to Compromised Snowflake Workspace

Pure Storage, a provider of all-flash and cloud storage solutions, recently confirmed a data breach involving unauthorized access to a Snowflake data analytics workspace. This incident comes amidst a wider industry trend targeting companies using Snowflake’s cloud-based data platform.

Understanding the Attack: Exploiting Weaknesses, Not Snowflake’s Security

Security researchers at Mandiant have linked this wave of attacks to compromised customer credentials, not a breach of Snowflake’s infrastructure itself. Attackers, likely a cybercriminal group, are exploiting the lack of multi-factor authentication (MFA) on certain customer accounts. This essential security measure adds an extra layer of verification beyond just usernames and passwords.

Mandiant also linked the Snowflake attacks to a financially motivated threat actor tracked as UNC5537 since May 2024.

Impact on Pure Storage: Telemetry Data Accessed

In Pure Storage’s case, the attackers gained access to a single Snowflake workspace containing telemetry data. This information is used by Pure Storage to provide proactive customer support services. The exposed data includes company names, LDAP usernames, email addresses, and software version numbers. However, Pure Storage emphasizes that no critical customer data, such as storage array access passwords or stored data, was compromised.

Pure Storage’s Response and Security Measures

Following the discovery of the breach, Pure Storage took immediate action to block further unauthorized access to the compromised workspace. Additionally, they have not observed any suspicious activity within other parts of their infrastructure. This incident highlights the importance of robust security practices, including mandatory MFA for all accounts.

Mitigating the Risk: Importance of Multi-Factor Authentication

The recent attacks targeting Snowflake users underscore the critical role of MFA in preventing unauthorized access. By requiring a second verification factor, such as a code from a mobile app or a security key, MFA significantly reduces the risk of successful breaches even if usernames and passwords are compromised.

Pure Storage’s data breach serves as a cautionary tale for all organizations relying on cloud-based services. Implementing strong security measures, including mandatory MFA, is essential to safeguarding sensitive data and protecting customer privacy.

You think you have a story worth everyone’s time? SUBMIT A STORY and we will publish it.