Pure Storage Confirms Snowflake Incident, Sees No Customer Impact

The attack, part of an industry-wide attack targeting information stored using Snowflake, did access telemetry data in a single Snowflake data analytics workspace used by Pure Storage for customer support, but Pure Storage said no compromising customer data was accessed.

All-flash and cloud storage technology developer Pure Storage Tuesday said that a third party had temporarily gained unauthorized access to a Snowflake data analytics workspace.

However, in an online security bulletin, the Santa Clara, Calif.-based company Tuesday wrote that no “compromising information” was accessed and that the unauthorized access was blocked.

The attempt to access Pure Storage’s Snowflake data analytics workspace is the latest in a series of data theft attacks targeting Snowflake customers. Google Cloud’s Mandiant incident response team disclosed Monday that about 165 potentially exposed organizations have been notified about attacks involving Snowflake.

[Related: The 2024 Security 100]

According to Mandiant, attackers have not breached Snowflake’s environment, but instead are using stolen credentials to attack customers who use Snowflake’s data-as-a-service technology.

Pure Storage, in its security bulletin, wrote that it has “confirmed and addressed a security incident involving a third party that had temporarily gained unauthorized access to a single Snowflake data analytics workspace.”

That workspace contained telemetry information, including company names, LDAP usernames, email addresses, and the Purity software release version number, used by Pure Storage to provide proactive customer support services.

“The workspace did not include compromising information such as passwords for array access, or any of the data that is stored on the customer systems. Such information is never and can never be communicated outside of the array itself and is not part of any telemetry information. Telemetry information cannot be used to gain unauthorized access to customer systems,” the company wrote.

Pure Storage also wrote that it took immediate action to block further unauthorized access to the workspace.

“Additionally, we see no evidence of unusual activity on other elements of the Pure infrastructure. Pure is monitoring our customers’ systems and has not found any unusual activity. We are currently in contact with customers who similarly have not detected unusual activity targeting their Pure systems,” the company wrote.

Pure Storage, in response to a CRN request for further information, referred to the company’s security bulletin and emphasized that it and its customers have not detected unusual activity. The spokesperson did not provide any additional details.

One Pure Storage channel partner, who requested anonymity, confirmed to CRN that the telemetry information hacked was related to customer support, and that no credentials were stolen.

“These attacks are happening everywhere now,” the solution provider wrote.