Pure Storage confirms the snowflake incident and sees no impact to the customer

The attack, part of an industry-wide attack targeting information stored with Snowflake, accessed telemetry data in one Snowflake data analytics workspace used by Pure Storage for customer service, but Pure Storage said no compromising customer data was accessed.

Cloud storage and all-flash technology developer Pure Storage has announced that a third party has temporarily gained unauthorized access to the Snowflake data analytics workspace.

However, in an online security bulletin on Tuesday, the Santa Clara, California-based company wrote that no “compromising information” had been accessed and unauthorized access had been blocked.

The attempt to gain access to the Snowflake data analytics workspace in Pure Storage is the latest in a series of data theft attacks targeting Snowflake customers. Google Cloud’s Mandiant incident response team revealed on Monday that approximately 165 potentially exposed organizations have been notified about the snowflake attacks.

(Related: Safety 100 for 2024)

According to Mandiant, the attackers did not compromise Snowflake’s environment, but are instead using stolen credentials to attack customers using Snowflake’s data-as-a-service technology.

In its security bulletin, Pure Storage wrote that it “confirmed and remedied a security incident involving a third party who temporarily gained unauthorized access to a single Snowflake data analytics workspace.”

This workspace contained telemetry information, including company names, LDAP usernames, email addresses, and the Purity software version number, used by Pure Storage to provide proactive customer support services.

“The workspace did not contain compromising information, such as board passwords, or any data stored on the client’s systems. Such information is never and cannot be transmitted outside the array itself and is not part of any telemetry information. Telemetry information cannot be used to gain unauthorized access to customer systems,” the company wrote.

Pure Storage also wrote that immediate action was taken to block further unauthorized access to the workspace.

“Additionally, we see no evidence of unusual activity on other parts of Pure’s infrastructure. Pure monitors our customers’ systems and has not found any unusual activity. We are currently in contact with customers who have similarly detected no unusual activity against their Pure systems,” the company wrote.

Pure Storage, in response to CRN’s request for further information, referred to the company’s security bulletin and emphasized that neither it nor its customers had observed any unusual activity. The spokesman did not provide any additional details.

One Pure Storage channel partner, who requested anonymity, confirmed to CRN that the hacked telemetry information was related to customer service and that no credentials were stolen.

“These attacks are happening everywhere now,” the solution provider wrote.