June 11, 2024 at 08:48AM
Pure Storage confirmed a security breach in its Snowflake workspace that exposed telemetry data, including customer names, usernames, and email addresses. The company took steps to secure its systems and has not found malicious activity on customer infrastructure. The attack was linked to a financially motivated threat actor targeting organizations without multi-factor authentication.
The key takeaways are:
1. Pure Storage experienced a security incident in its Snowflake workspace where attackers gained unauthorized access to telemetry information, including customer names, usernames, and email addresses. However, no credentials for array access or other customer system data were compromised.
2. Pure Storage has taken measures to prevent further unauthorized access and is in contact with customers to address any potential impact.
3. Mandiant and CrowdStrike, in a joint advisory with Snowflake, revealed that attackers used stolen customer credentials to target accounts lacking multi-factor authentication protection, impacting hundreds of organizations worldwide.
4. Mandiant identified hundreds of customer Snowflake credentials exposed in various infostealer malware attacks, prompting notifications to around 165 potentially affected organizations.
5. The ongoing Snowflake attacks have been linked to recent breaches at companies such as Santander, Ticketmaster, and QuoteWizard/LendingTree, with evidence of data breaches and compromised accounts resulting in the sale of stolen customer profiles and loyalty/gas card numbers.
These takeaways highlight the severity of the security incident and the potential impact on numerous organizations due to the compromised credentials and unauthorized access. The collaboration between Pure Storage, Snowflake, Mandiant, and CrowdStrike underscores the importance of addressing these security threats and ensuring enhanced protection measures, including multi-factor authentication, to safeguard customer data.