Dive Brief:
- Pure Storage confirmed an attacker gained access to its Snowflake environment, which contained telemetry data it uses for customer support services, the company said Tuesday in a security bulletin.
- “Telemetry information cannot be used to gain unauthorized access to customer systems,” the data storage hardware and software vendor said. Information exposed by the attack includes company names, Lightweight Directory Access Protocol (LDAP) usernames, email addresses and Purity software release version numbers.
- “Pure Storage took immediate action to block any further unauthorized access to the workspace,” the company said. “Additionally, we see no evidence of unusual activity on other elements of the Pure infrastructure.”
Dive Insight:
Pure Storage is the first Snowflake customer to publicly confirm it was impacted in the spree of identity-based attacks targeting Snowflake customer databases.
Other companies that experts have linked to attacks involving the theft of corporate information stored on Snowflake haven’t officially named the third-party vendor. Snowflake has not identified any of its customers impacted by the attacks.
Pure Storage did not say when it first became aware of the breach, how long the attacker was in its system or whether data theft occurred. The company was not immediately available for comment.
The Santa Clara, California-based company is one of at least 100 Snowflake customers impacted by the attacks. Snowflake and its incident response firm Mandiant have notified approximately 165 potentially exposed customers, Mandiant said Monday.
The attacks were not caused by a vulnerability, misconfiguration or breach of Snowflake’s systems, according to Mandiant. Following an investigation with Mandiant and CrowdStrike, the data warehouse vendor pointed to stolen credentials for customer systems unprotected by MFA as the cause.
Stolen credentials obtained from multiple infostealer malware infections on non-Snowflake-owned systems were the point of entry for the attacks, and impacted customer accounts were not configured with multifactor authentication, Mandiant said.
Pure Storage said the attack was limited to a single Snowflake data analytics workspace that “did not include compromising information such as passwords for array access or any of the data that is stored on the customer systems.”
Pure Storage said its preliminary assessment was confirmed by an unnamed cybersecurity firm it hired in the wake of the attacks. The company plans to continue monitoring the situation and will provide timely, important updates as it learns more.