Pure Storage confirms Snowflake incident, sees no impact on customers

The attack, part of an industry-wide attack targeting information stored with Snowflake, did access telemetry data in a single Snowflake data analytics workspace used by Pure Storage for customer support, but Pure Storage said it did not access any compromised customer data.

All-flash and cloud storage technology developer Pure Storage announced Tuesday that a third party had temporarily gained unauthorized access to a Snowflake data analytics workspace.

However, the Santa Clara, California-based company wrote in an online security bulletin on Tuesday that no “compromising information” had been accessed and unauthorized access had been blocked.

The attempt to access Pure Storage’s Snowflake data analytics workspace is the latest in a series of data theft attacks targeting Snowflake customers. Google Cloud’s Mandiant Incident Response Team announced Monday that approximately 165 potentially vulnerable organizations have been notified of attacks related to Snowflake.

(See also: The Security 100 2024)

According to Mandiant, the attackers did not penetrate Snowflake’s environment, but used stolen credentials to attack customers who use Snowflake’s data-as-a-service technology.

Pure Storage wrote in its security bulletin that it “has confirmed and resolved a security incident involving a third party who temporarily gained unauthorized access to a single Snowflake data analytics workspace.”

This workspace contained telemetry information including company names, LDAP user names, email addresses, and Purity software version number used by Pure Storage to provide proactive customer support services.

“The workspace did not contain any compromising information such as passwords for array access or any data stored on the customer systems. Such information will not and can never be transmitted outside of the array itself and is not part of telemetry information. Telemetry information cannot be used to gain unauthorized access to customer systems,” the company wrote.

Pure Storage also wrote that it took immediate action to block further unauthorized access to the workspace.

“In addition, we see no evidence of unusual activity on other elements of Pure’s infrastructure. Pure monitors our customers’ systems and has not identified any unusual activity. We are currently in contact with customers who have also not identified any unusual activity targeting their Pure systems,” the company wrote.

When asked by CRN for more information, Pure Storage referred to the company’s security bulletin and stressed that neither the company nor its customers had detected any unusual activity. The spokesperson did not provide further details.

A Pure Storage reseller, who wished to remain anonymous, confirmed to CRN that the hacked telemetry data was related to customer support and that no credentials were stolen.

“These attacks are now happening everywhere,” wrote the solution provider.