Snowflake: Admins Can Now Enforce MFA
Cloud firm answers customers' calls to strengthen its multifactor authentication policies, in the wake of over 100 breaches that exploited unprotected Snowflake accounts.
Snowflake-linked breaches have struck hundreds of companies and millions of consumers -- now the company has added multifactor authentication enforcement tools for clients to better protect their data.
Snowflake, the world’s leading cloud data warehousing firm, has answered calls to strengthen its multifactor authentication (MFA) policy to allow clients to enforce and enable the security feature.
MFA will be enabled by default for all new accounts, Snowflake CISO Brad Jones told customers in a letter. The change comes after a Mandiant and CrowdStrike investigation found 165 companies may have been breached through unprotected Snowflake accounts.
“Snowflake is committed to helping customers protect their accounts and data,” Snowflake’s Anoosh Saboori said in a joint blog post with Jones. “That’s why we’ve been working on product capabilities that allow Snowflake admins to make multifactor authentication mandatory and monitor compliance with this new policy.”
Snowflake’s organization itself was not compromised, according to the investigation findings. However, an attacker accessed demo accounts through the credentials of a former Snowflake employee. The demo accounts were not protected by MFA.
Several experts told InformationWeek that Snowflake’s lack of an enforcement mechanism created a gaping hole for attackers to exploit. Shortly after, the company said it would address the MFA policy.
The ensuing breaches impacted Ticketmaster, Santander Bank, Neiman Marcus, Pure Storage, Advance Auto Parts, and others not yet named. Millions of documents of sensitive data from those companies' clients and workers have been used in extortion attempts in the past several weeks.
“Snowflake is committed to continuing its investment into technology and tools that help our customers increase their security,” Saboori and Jones wrote. “Soon, Snowflake will require MFA for all human users in newly created Snowflake accounts.”