Snowflake: Admins Can Now Enforce MFA

Cloud firm answers customers' calls to strengthen its multifactor authentication policies, in the wake of over 100 breaches that exploited unprotected Snowflake accounts.

Shane Snider , Senior Writer, InformationWeek

July 10, 2024

1 Min Read

Snowflake-linked breaches have struck hundreds of companies and millions of consumers -- now the company has added multifactor authentication enforcement tools for clients to better protect their data.

Snowflake, the world’s leading cloud data warehousing firm, has answered calls to strengthen its multifactor authentication policy (MFA) to allow clients to enforce and enable the security feature.

MFA will be enabled by default for all new accounts, Snowflake CISO Brad Jones told customers in a letter. The change comes after a Mandiant and Crowdstrike investigation found 165 companies may have been breached through unprotected Snowflake accounts.

“Snowflake is committed to helping customers protect their accounts and data,” Snowflake’s Anoosh Saboori said in a joint blog post with Jones. “That’s why we’ve been working on product capabilities that allow Snowflake admins to make multifactor authentication mandatory and monitor compliance with this new policy.”

Snowflake’s organization itself was not compromised, according to the investigation findings. However, an attacker accessed demo accounts through the credentials of a former Snowflake employee. The demo accounts were not protected by MFA.

Several experts told InformationWeek that Snowflake’s lack of an enforcement mechanism created a gaping hole for attackers to exploit. Shortly after, the company said it would address the MFA policy.

Related:Snowflake Scrambles to Enforce MFA as Breaches Pile Up

The ensuing breaches impacted Ticketmaster, Santander Bank, Neiman Marcus, Pure Storage, Advance Auto Parts, and others not yet named. Millions of documents of sensitive data from those companies' clients and workers have been used in extortion attempts in the past several weeks.

“Snowflake is committed to continuing its investment into technology and tools that help our customers increase their security,” Saboori and Jones wrote. “Soon, Snowflake will require MFA for all human users in newly created Snowflake accounts.”

About the Author(s)

Shane Snider

Senior Writer, InformationWeek, InformationWeek

Shane Snider is a veteran journalist with more than 20 years of industry experience. He started his career as a general assignment reporter and has covered government, business, education, technology and much more. He was a reporter for the Triangle Business Journal, Raleigh News and Observer and most recently a tech reporter for CRN. He was also a top wedding photographer for many years, traveling across the country and around the world. He lives in Raleigh with his wife and two children.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like

More Insights