Slowly but surely, the Snowflake incident is turning into a MOVEit-level event as yet another company comes forward with information about stolen sensitive data – this time Pure Storage.
In a new announcement published earlier this week, the data storage company said that unauthorized third parties had gained access to the Snowflake workspace and stolen telemetry data, which also contained some sensitive customer data.
“After a thorough investigation, Pure Storage has confirmed and addressed a security incident involving a third party that temporarily gained unauthorized access to a single Snowflake data analytics workspace,” the company said in a message on its customer support page. “The workspace contained telemetry information that Pure uses to provide proactive customer support services. That information includes company names, LDAP usernames, email addresses, and the Purity software version number.”
Monitoring client systems
Fortunately, Pure Storage further explained that the workspace did not contain any passwords to access the array, or to the data stored on customer systems.
“Such information is not and cannot ever be communicated outside the array itself, and is not part of any telemetry information. Telemetry information cannot be used to gain unauthorized access to customer systems,” the report confirms.
Following the discovery of the breach, the company took steps to block further access, adding that there is no evidence of unusual activity on other elements of the IT infrastructure. Additionally, it found no evidence of “unusual activity” on any of the customer systems it checked.
“We are currently in contact with customers who have similarly detected no unusual activity targeting their Pure systems,” the announcement concludes.
Pure Storage is a large data storage platform, with high-profile customers including Meta, Ford, JP Morgan, NASA, Equinix and Comcast.
Through BleepingComputer