Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

Pure Storage joins growing list of Snowflake hack victims

Enterprise data storage firm Pure Storage confirms customer data was compromised following unauthorised access to a Snowflake data analytics workspace.

user icon David Hollingworth
Thu, 13 Jun 2024
Pure Storage joins growing list of Snowflake hack victims
expand image

Storage tech company Pure Storage has confirmed that it was a victim of a data breach linked to a string of high-profile hacks of Snowflake cloud storage accounts.

Pure Storage shared the details of the hack on its support website following an investigation of the incident.

“Following a thorough investigation, Pure Storage has confirmed and addressed a security incident involving a third party that had temporarily gained unauthorised access to a single Snowflake data analytics workspace,” Pure Storage said in its security bulletin.

============
============

“The workspace contained telemetry information that Pure uses to provide proactive customer support services. That information includes company names, LDAP usernames, email addresses, and the Purity software release version number.”

According to Pure Storage, the data did not include passwords or any data stored on its customers’ own systems.

“Pure Storage took immediate action to block any further unauthorised access to the workspace. Additionally, we see no evidence of unusual activity on other elements of the Pure infrastructure,” Pure Storage said.

“Pure is monitoring our customers’ systems and has not found any unusual activity. We are currently in contact with customers who similarly have not detected unusual activity targeting their Pure systems.”

A third-party security firm also confirmed Pure Storage’s findings.

Security firm Mandiant has been tracking the entire campaign since May, and its investigations revealed it has been ongoing since at least April and has impacted more than 160 companies, including Ticketmaster and Santander Bank.

“To date, Mandiant and Snowflake have notified approximately 165 potentially exposed organisations,” Mandiant said in an 11 June blog post.

The hacker in question – which Mandiant is tracking as UNC5537 – is using previously stolen login credentials, in some cases years old, to access Snowflake instances. In each case, the victims have not had multifactor authentication enabled, or network allow lists to confirm only authorised users can access instances.

However, while Snowflake has said the widespread activity is not due to “compromised credentials of current or former Snowflake personnel”, it also said it found evidence of access to Snowflake demo accounts using the credentials of a former employee.

Snowflake is urging its customers to enable multifactor authentication.

David Hollingworth

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.