Pure Storage confirms data breach — Snowflake attack again thought to be involved

Representational image of cloud computing.
Image Credit: Shutterstock (Image credit: Everything Possible / Shutterstock)

Slowly but surely the Snowflake incident is turning into a MOVEit-level event, as yet another company comes forward with information of stolen sensitive data - this time Pure Storage.

In a new announcement published earlier this week, the data storage firm said that unauthorized third parties accessed its Snowflake workspace and stole telemetry information, which includes some sensitive customer data, too.

"Following a thorough investigation, Pure Storage has confirmed and addressed a security incident involving a third party that had temporarily gained unauthorized access to a single Snowflake data analytics workspace," the company said in a post on its customer support page. “The workspace contained telemetry information that Pure uses to provide proactive customer support services. That information includes company names, LDAP usernames, email addresses, and the Purity software release version number.”

Monitoring client systems

Fortunately, Pure Storage further explained that the workspace did not include passwords for array access, or any of the data stored on customer systems. 

“Such information is never and can never be communicated outside of the array itself, and is not part of any telemetry information. Telemetry information cannot be used to gain unauthorized access to customer systems,” it confirmed.

Following the discovery of the breach, the company moved to block further access, it said, adding that there is no evidence of unusual activity on other elements of its IT infrastructure. Furthermore, it found no evidence of “unusual activity” on any of the customer systems it monitored.

“We are currently in contact with customers who similarly have not detected unusual activity targeting their Pure systems,” the announcement concludes.

Pure Storage is a major data storage platform, with high-profile clients include Meta, Ford, JP Morgan, Nasa, Equinix, and Comcast.

Via BleepingComputer

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.