U.S. all-flash storage provider Pure Storage has confirmed having telemetry data for customer support services exfiltrated following a breach of its Snowflake data analytics environment, reports The Register.
Only company names, LDAP usernames, email addresses, and Purity software version numbers were included in the compromised data, according to Pure Storage, which emphasized that the impacted Snowflake workspace did not contain any array passwords and customer information.
"Such information is never and can never be communicated outside of the array itself, and is not part of any telemetry information. Telemetry information cannot be used to gain unauthorized access to customer systems," said Pure Storage.
Such a disclosure follows a Mandiant report detailing that 165 companies have already been compromised by the UNC5537 threat operation through exfiltrated Snowflake credentials since 2020. All of the targeted organizations were also noted by the report to have lacked multi-factor authentication, a detail previously emphasized by Snowflake, which already stressed that none of its systems have been impacted.
