Pure Storage Security Bulletin for Unauthorized Access to Telemetry Information

Following an investigation, Pure Storage, Inc. has confirmed and addressed a security incident involving a 3rd party that had temporarily gained unauthorized access to a single Snowflake data analytics workspace.

The workspace contained telemetry information that Pure uses to provide proactive customer support services. That information includes company names, LDAP usernames, email addresses, and the Purity software release version number.

The workspace did not include compromising information such as passwords for array access, or any of the data that is stored on the customer systems. Such information is never and can never be communicated outside of the array itself, and is not part of any telemetry information. Telemetry information cannot be used to gain unauthorized access to customer systems.

Pure took immediate action to block any further unauthorized access to the workspace. Additionally, we see no evidence of unusual activity on other elements of the Pure infrastructure. Pure is monitoring our customers’ systems and has not found any unusual activity. We are currently in contact with customers who similarly have not detected unusual activity targeting their Pure systems.

Preliminary findings from a leading cybersecurity firm we engaged also validates the conclusion we reached regarding the information in the workspace. Pure remains fully committed to providing timely and transparent updates to our customers and we will continue to monitor this situation and use this forum for important updates.

Note: Customers should log in to access additional information related to general security best practices.

On this topic

• General Security Best Practices