Pure Storage comes forward as early victim of Snowflake-linked attacks

Company tightlipped over when breach occured
Photo by Pixabay via Pexels

13 June 2024

Pure Storage confirmed an attacker gained access to its Snowflake environment, which contained telemetry data it uses for customer support services, the company said Tuesday in a security bulletin.

“Telemetry information cannot be used to gain unauthorised access to customer systems,” the data storage hardware and software vendor said. Information exposed by the attack includes company names, lightweight directory access protocol usernames, e-mail addresses and Purity software release version numbers.

“Pure Storage took immediate action to block any further unauthorised access to the workspace,” the company said. “Additionally, we see no evidence of unusual activity on other elements of the Pure infrastructure.”

Pure Storage is the first Snowflake customer in a public forum to confirm it was impacted in the spree of identity-based attacks targeting Snowflake customer databases.

Other companies that experts have linked to attacks involving the theft of corporate information stored on Snowflake haven’t officially named the third party vendor. Snowflake has not identified any of its customers impacted by the attacks.

Pure Storage did not say when it first became aware of the breach, how long the attacker was in its system and if data theft occurred. The company was not immediately available for comment.

The Santa Clara, California-based company is one of at least 100 Snowflake customers impacted by the attacks. Snowflake and its incident response firm Mandiant have notified approximately 165 potentially exposed customers, Mandiant said Monday.

The attacks were not caused by a vulnerability, misconfiguration or breach of Snowflake’s systems, according to Mandiant. Following an investigation with Mandiant and CrowdStrike, the data warehouse vendor pointed to stolen credentials for customer systems unprotected by MFA as the cause.

Stolen credentials obtained from multiple infostealer malware infections on non-Snowflake owned systems were the point of entry for the attacks, and impacted customer accounts were not configured with multifactor authentication, Mandiant said.

Pure Storage said the attack was limited to a single Snowflake data analytics workspace that “did not include compromising information such as passwords for array access or any of the data that is stored on the customer systems”.

Pure Storage said its preliminary assessment was confirmed by an unnamed cyber security firm it hired in the wake of the attacks. The company plans to continue monitoring the situation and will provide timely, important updates as it learns more.

Read More:

Back to Top ↑