
Storage provider Pure Storage identifies itself as an initial target of cyberattacks linked to Snowflake.

Information compromised in the cyberattack doesn't offer a way for intruders to infiltrate client systems, according to the data storage company.


In a series of identity-based attacks targeting Snowflake customer databases, Pure Storage has become the first to publicly confirm its involvement. While other companies linked to these attacks have not officially named the third-party vendor, notable victims include AT&T, Qantas, Krispy Kreme, and possibly Allianz Life.

Telemetry data that Pure Storage uses for customer support services was affected by the attack. The attackers got into the impacted customer accounts using stolen credentials obtained from multiple infostealer malware infections on systems not owned by Snowflake. An attacker gained access to Pure Storage's Snowflake environment, but the attack was limited to a single Snowflake data analytics workspace.

The attacks were not caused by a vulnerability, misconfiguration, or breach of Snowflake's systems. Pure Storage took immediate action to block any further unauthorized access to the workspace. However, the company has not disclosed when it first became aware of the breach, how long the attacker was present in the system, or whether data theft occurred.

Snowflake has not identified any of its customers impacted by the attacks. The information exposed by the attack on Pure Storage includes company names, Lightweight Directory Access Protocol (LDAP) usernames, email addresses, and Purity software release version numbers. Passwords for array access and the data stored on customer systems were not compromised.

AT&T was affected by the breach, exposing call and text metadata for nearly 110 million AT&T customers from 2022 and some from 2023. Although it involved call logs and interaction data, it did not initially include personally identifiable information like Social Security Numbers. Later, repackaged data linked to the same incident surfaced, consolidating previously exposed fields into more complete identity profiles, increasing risks of identity theft.

Qantas and Krispy Kreme were mentioned as part of a broader range of victims in this Snowflake-related attack context. Krispy Kreme confirmed a ransomware attack in late 2024 exposing data of over 161,000 individuals. The connection to Snowflake is implied in the wider breach scope. Allianz Life confirmed a data breach in July 2025 involving unauthorized access to a cloud-based third-party CRM system. Although this breach was due to social engineering, it involved a cloud system and exposed personally identifiable data for the majority of its 1.4 million customers.

Pure Storage plans to continue monitoring the situation and will provide timely, important updates as it learns more. The preliminary assessment of the breach was confirmed by an unnamed cybersecurity firm hired by Pure Storage in the wake of the attacks. As the investigation continues, it is crucial for all affected companies to take immediate steps to secure their systems and protect their customers' data.


  1. Pure Storage's involvement in the identity-based attacks was confirmed; credentials stolen through infostealer malware infections on non-Snowflake systems gave the attackers entry to customer accounts.
  2. The attack on Pure Storage, while limited to a single Snowflake data analytics workspace, exposed company names, Lightweight Directory Access Protocol usernames, email addresses, and Purity software release version numbers.
  3. Following the breach, Pure Storage took immediate action to block any further unauthorized access, but details about when the breach was first detected, the duration of the attacker's presence, and whether data theft occurred have not been disclosed.
  4. In light of the breach, it is crucial for all affected companies to take immediate steps to secure their systems and protect their customers' data, as cybersecurity firms continue to monitor the situation and investigate further.
