Cybercriminals have gained access to a Snowflake environment of storage provider Pure Storage. At issue was one data analytics workspace, where the company stored telemetry for the purpose of customer service. Possible data stolen included company names, LDAP user names, e-mail addresses and the version number of software used by Pure Storage’s customers.
The company reports the breach in a statement on its site. Pure Storage confirmed that the workspace contained no other compromising information, such as passwords or customer data. The company further emphasized that such sensitive information is never communicated outside the array and is not part of telemetry data. Thus, even if criminals steal it, they cannot use it to access customer systems.
Access blocked
Following the breach, Pure Storage says it immediately blocked further unauthorized access and did not observe any unusual activity in its infrastructure, according to its own statement. The company also continuously monitors customer systems and so far, has not detected irregularities that point to this incident. Direct contact with customers also did not indicate there had been any attempts to penetrate customer systems.
There has been a series of cyber attacks on Snowflake environments lately. We previously reported that, according to cybersecurity expert Mandiant, hackers attacked at least 165 Snowflake customers’ spaces. There is no evidence that the malignant forces managed to compromise Snowflake’s systems itself. The attackers allegedly gained access through captured login information, some of which is years old.
Ticketmaster and Advance Auto Parts are among the affected companies. Live Nation, the company behind Ticketmaster, is a publicly traded company that reported the intrusion on its systems to the U.S. Securities and Exchange Commission (SEC, the stock market watchdog).
Also read: Mandiant reports at least 165 Snowflake customers affected in series of hacking attempts