Pure Storage identifies itself as an initial target in cyber attacks linked to Snowflake
In a recent development, Pure Storage has confirmed an attack on its Snowflake environment containing telemetry data used for customer support services. The cybersecurity firm hired by the company to investigate the incident has confirmed the attack, but remains unnamed.
The attack appears to have been initiated through stolen credentials for customer systems that were not protected by Multi-Factor Authentication (MFA). As a result, at least 100 Snowflake customers may have been affected, according to reports. Mandiant notified approximately 165 potentially exposed customers.
The stolen data includes company names, lightweight directory access protocol usernames, email addresses, and Purity software release version numbers. However, the attack did not affect other elements of Pure Storage's infrastructure, nor did it include compromising information such as passwords for array access or any of the data that is stored on the customer systems.
Upon learning about the attack, Pure Storage took immediate action to block any further unauthorized access to the workspace. The company has also confirmed that the attacks were not caused by a vulnerability, misconfiguration, or breach of Snowflake's systems.
Pure Storage is the first Snowflake customer to publicly confirm being impacted in a spree of identity-based attacks targeting Snowflake customer databases. Snowflake, on the other hand, has not identified any of its customers impacted by the attacks. The attack on Pure Storage was limited to a single Snowflake data analytics workspace, and no unusual activity was observed on other elements of the Pure Storage infrastructure.
Pure Storage is planning to continue monitoring the situation and will provide timely, important updates as it learns more. The company was not immediately available for comment regarding the breach.
It's important to note that while identity-based attacks are an increasing concern for cloud environments, including Snowflake customers, no additional detailed or confirmed information about such attacks affecting Pure Storage or their Snowflake databases was found in the available sources.
Other companies linked to attacks involving the theft of corporate information stored on Snowflake have not officially named the third-party vendor. The search results highlight general risks affecting cloud storage accounts among Snowflake customers, but do not elaborate on identity-based attacks against Snowflake or incidents involving Pure Storage directly.
- Pure Storage has engaged a cybersecurity firm to investigate the incident response related to the malware attack on its Snowflake environment.
- The malware attack on Pure Storage's Snowflake environment potentially exposed the data of over 165 customers, according to Mandiant's notification.
- The stolen data in the attack included company names, LDAP usernames, email addresses, and Purity software release version numbers, but no compromising information such as passwords for array access or data stored on customer systems were affected.
- In light of the incident, data-and-cloud-computing, business, and technology sectors should reinforce cybersecurity measures, especially Multi-Factor Authentication (MFA), to guard against identity-based attacks.
