The boosted default security measures come after a string of high-profile third-party hacks.
Cloud data storage firm Snowflake has announced the rollout of multifactor authentication (MFA) by default on its platform, after the company made headlines earlier in the year over multiple data breaches of its customers.
The company is also introducing a new password policy that will require customers to use passwords that are at least 14 characters long.
Snowflake passwords previously had a minimum length of eight characters, and while Snowflake had introduced the ability for admins to enforce MFA in July, it was still only an opt-in feature.
“Snowflake has always been committed to helping customers protect their accounts and data. To further our commitment to protect against cyber security threats and to champion the advancement of industry standards for security, Snowflake recently signed the Cybersecurity and Infrastructure Security Agency (CISA) Secure By Design Pledge,” Snowflake said in a 13 September blog post.
“In line with CISA’s Secure By Design principles, we recently announced a number of security enhancements in the platform – most notably the general availability of Trust Center and a new multifactor authentication (MFA) policy. As part of our continuing efforts, we are announcing that MFA will be enforced by default for all human users in any Snowflake account created in October 2024.”
Security researchers at Mandiant uncovered a coordinated campaign against Snowflake customers in June 2024, in which at least 165 organisations that did not have MFA turned on were open to possible compromise.
At the time, Snowflake said the source of the compromise was likely stolen credentials.
“This appears to be a targeted campaign directed at users with single-factor authentication,” Snowflake said in June. “As part of this campaign, threat actors have leveraged credentials previously purchased or obtained through info-stealing malware.
“We did find evidence that a threat actor obtained personal credentials to and accessed demo accounts belonging to a former Snowflake employee.”
AT&T, Live Nation, and US retailer Neiman Marcus were among the many victims of the campaign.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.