Data storage firm Pure Storage acknowledges being an initial target in cyber assaults linked to Snowflake, a cloud data platform.

The storage vendor says the information exposed in the attack cannot be used to gain unauthorized access to customer systems.

The Snowflake-linked attacks have reportedly claimed their first victim, with Pure Storage identified as the initial target.

In a series of identity-based attacks targeting Snowflake customer databases, over 160 organizations, including prominent companies like AT&T and Pure Storage, have been compromised.

The breach at Pure Storage, the first Snowflake customer to publicly confirm being impacted, exposed company names, Lightweight Directory Access Protocol (LDAP) usernames, email addresses, and Purity software release version numbers. The attackers gained access to the affected customer accounts using stolen credentials obtained from multiple infostealer malware infections on systems not owned by Snowflake.

According to Mandiant, the customer accounts were not configured with multifactor authentication (MFA), which is a security measure that requires more than one method of authentication from independent categories of credentials to verify the user's identity.

The attack on Pure Storage was limited to a single Snowflake data analytics workspace, and no unusual activity was observed on other elements of Pure Storage's infrastructure. The workspace did not include compromising information such as passwords for array access or any of the data that is stored on the customer systems.

Pure Storage's preliminary assessment was confirmed by an unnamed cybersecurity firm it hired in the wake of the attacks. Mandiant notified approximately 165 potentially exposed Snowflake customers on Monday, suggesting that the number of affected organizations could be even higher.

AT&T, another company likely impacted by the attacks, paid a ransom afterward and had extensive personal data related to call logs exposed, though originally without Social Security numbers. Other notable customers connected to the Snowflake breach include companies in the retail sector, but no complete list of the other affected companies has been publicly disclosed so far.

The attacks were not caused by a vulnerability, misconfiguration, or breach of Snowflake's systems. Instead, they exploited compromised credentials and poor security configurations, enabling hackers to escalate privileges and exfiltrate data.

Pure Storage did not disclose when it first became aware of the breach, how long the attacker was in its system, or if data theft occurred. However, the company took immediate action to block any further unauthorized access to the workspace.

Snowflake has not identified any of its customers impacted by the attacks, but the company has emphasized the importance of MFA and encouraged all customers to enable it to protect their accounts. Pure Storage plans to continue monitoring the situation and will provide timely, important updates as it learns more.

  1. The attack on Snowflake customer databases, as shown in the case of Pure Storage, was facilitated by compromised credentials obtained from malware infections on non-Snowflake systems, despite the absence of a vulnerability in Snowflake's systems.
  2. Given the compromised credentials, the lack of multifactor authentication (MFA) in customer accounts had significant implications for cybersecurity, enabling hackers to escalate privileges and exfiltrate data.
  3. In light of the Snowflake data breach, it is crucial for organizations to reinforce their data and cloud security measures, especially by implementing MFA and diligent incident response strategies to combat identity-based attacks.
