Security News > 2024 > July > Snowflake lets admins make MFA mandatory across all user accounts

A month after incident response giant Mandiant suggested the litany of data thefts linked to Snowflake account intrusions had the common component of lacking multi-factor authentication controls, the cloud storage and data analytics company is offering a mandatory MFA option to admins.

The general availability of Snowflake Trust Center was also announced concurrently - a framework for customers to monitor compliance with the MFA policies Snowflake hopes will be applied more broadly.

The default for Snowflake customers is to enable MFA on a per-user basis, and MFA is still not enabled by default.

Ransomware crews investing in custom data stealing malware Snowflake breach snowballs as more victims, perps, come forward Pure Storage pwned, claims data plundered by crims who broke into Snowflake workspace Snowflake customers not using MFA are not unique - over 165 of them have been compromised.

Hudson Rock originally alleged that the data compromises potentially impacting millions of people were carried out after Snowflake itself was attacked, rather than the accounts of individual customers - a claim Snowflake vehemently and consistently still denies.

Some intrusions have emerged since the Snowflake saga began, such as those at US car part dealer Advance Auto Parts and Aussie ticketing company Ticketek, but haven't explicitly cited Snowflake accounts as the sources.

News URL

https://go.theregister.com/feed/www.theregister.com/2024/07/10/snowflake_mandatory_mfa/