UPDATED 20:15 EDT / JULY 10 2024

SECURITY

Snowflake introduces mandatory multifactor authentication following recent cyberattacks

Data cloud company Snowflake Inc. has introduced new security measures after its customers were targeted following a third-party breach earlier this year.

A hacking campaign targeting Snowflake users first came to light in late May when a claimed 560 million records stolen from Ticketmaster Entertainment appeared for sale on the Breach Forums hacking site. That was followed by data being offered for sale from U.S. auto parts provider Advance Auto Parts Inc. on June 6. The commonality between the two: They were both Snowflake customers.

On June 10, Google LLC’s Mandiant revealed that 165 Snowflake customers were targeted in the hacking campaign. Snowflake has always maintained that the data was not stolen as a result of a breach of its platform; rather, the attackers targeted users who did not have multifactor authentication in place. Requiring MFA is the first of Snowflake’s security changes.

As detailed Tuesday in a blog post, Snowflake has unveiled new security features aimed at enhancing account protection, including making MFA mandatory. With the security changes, administrators can now enforce MFA for all users within a Snowflake account, with flexible configurations for local or single sign-on users. In addition, Snowflake’s Snowsight interface will now prompt users who haven’t enabled MFA to set it up, ensuring greater adoption across the platform.

To give administrators a helping hand to enforce these new security measures, Snowflake has also introduced a new comprehensive authentication policy. The policy allows for granular control, enabling MFA requirements at both the account and user levels. Service users, such as those involved in non-interactive access via automation, can be excluded from these requirements, with recommendations to use key-pair authentication or OAuth instead.

The Snowflake Trust Center, which became generally available this week, also assists in monitoring compliance. The center offers tools like the Security Essentials and CIS Benchmarks scanner packages to detect overprivileged entities and ensure adherence to MFA policies.
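The following is an added example, not code from Snowflake or from the article. It sketches the kind of adherence check described above: human users who log in with a password must have MFA, while service users should rely on key-pair authentication or OAuth instead of a password. The record fields and user-type labels are hypothetical names for an exported user inventory, not Snowflake's schema, and the sample data is constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    # Hypothetical inventory fields; map them from whatever export you have.
    name: str
    user_type: str               # "PERSON" or "SERVICE" (assumed labels)
    has_password: bool
    mfa_enrolled: bool
    uses_keypair_or_oauth: bool


# Constructed sample inventory for illustration only.
USERS = [
    User("alice", "PERSON", True, True, False),
    User("bob", "PERSON", True, False, False),
    User("carol", "PERSON", False, False, False),   # SSO-only, no local password
    User("etl_loader", "SERVICE", False, False, True),
    User("legacy_report", "SERVICE", True, False, False),
    User("ci_deploy", "SERVICE", True, False, True),
]


def audit(users):
    """Return {user name: [findings]} for users outside the MFA policy."""
    findings = {}
    for u in users:
        issues = []
        if u.user_type == "PERSON":
            # Interactive users: a password without MFA is the gap to close.
            if u.has_password and not u.mfa_enrolled:
                issues.append("password login without MFA")
        elif u.user_type == "SERVICE":
            # Service users are exempt from MFA, so a password is a weak spot.
            if u.has_password:
                issues.append("service user still has a password")
            if not u.uses_keypair_or_oauth:
                issues.append("no key-pair or OAuth credential")
        else:
            issues.append("unknown user type")
        if issues:
            findings[u.name] = issues
    return findings


if __name__ == "__main__":
    for name, issues in audit(USERS).items():
        print(f"{name}: {'; '.join(issues)}")
```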

The decision to enforce MFA has been well-received by security experts. “From an account protection perspective, MFA is probably one of the single most effective controls to have in place,” Javvad Malik, lead security awareness advocate at security awareness training company KnowBe4 Inc., told SiliconANGLE. “Given all the attacks against accounts, including credential-stuffing, more organizations should enable MFA by default.”

Darren James, senior product manager at password security tools company Specops Software, an Outpost24 company, noted that though the implementation of MFA is a positive, “MFA for existing customers will still need to be enabled by the end customer and we need to remember that MFA on its own isn’t a silver bullet. MFA comes in different forms e.g., OTP, Biometric, Push Notifications and the like, and some are more secure or phishing-resistant than others.”

Secure authentication to any platform should and can be achieved using a multilayer approach, he added: “Firstly, a strong password policy, then strong phishing resistant MFA, but don’t forget threat intelligence to understand who is logging in with an already breached password and to what systems (both external and internal). And finally locking down where users can log in from and using behavior signals such as what times they would normally log in which can be used to thwart compromised session cookies.”
