Unauthorized Access to Telemetry Information

Security Bulletins

Audience
Public
Product
FlashBlade
FlashArray
FlashBlade > Purity//FB
FlashArray > Purity//FA
Portworx
Source Type
Documentation

Following a thorough investigation, Everpure has confirmed and addressed a security incident involving a third party that had temporarily gained unauthorized access to a single Snowflake data analytics workspace. The workspace contained telemetry information that Pure uses to provide proactive customer support services. That information includes company names, LDAP usernames, email addresses, and the Purity software release version number.

The workspace did not include compromising information such as passwords for array access, or any of the data that is stored on the customer systems. Such information is never and can never be communicated outside of the array itself, and is not part of any telemetry information. Telemetry information cannot be used to gain unauthorized access to customer systems.

Everpure took immediate action to block any further unauthorized access to the workspace. Additionally, we see no evidence of unusual activity on other elements of the Pure infrastructure. Pure continues to monitor our customers’ systems and has not found any unusual activity. We are currently in contact with customers who similarly have not detected unusual activity targeting their Pure systems.

Final findings from a leading cybersecurity firm we engaged also validates the conclusion we reached regarding the information in the workspace. This third-party forensic security assessment was conducted to review exposed data and to determine whether the data creates any risk of compromise to any customer system, concluding that the exposed telemetry data cannot be used either to compromise nor otherwise exploit a customer system.

The third-party forensic security assessment was further engaged to review all of Pure’s Snowflake instances for any evidence of further unauthorized access that was not discovered during the initial internal investigation. That review is complete, confirming the findings of Pure’s initial investigation that there was no further access.

Everpure remains fully committed to providing timely and transparent updates to our customers and we will continue to monitor this situation and use this forum for important updates.

Note: Customers should log in to access additional information related to general security best practices.

General Security Best Practices

  1. Latest Purity Versions: Purity//FA Upgrades and Purity//FB Upgrades

  2. Password Best Practices: FlashArray Password Protection and FlashBlade Password Change

  3. Everpure SafeMode: FlashArray SafeMode and FlashBlade SafeMode for Object Store

  4. Users with elevated privileges will always be at heightened risk for phishing attempts. While no credentials were compromised, we recommend our customers adhere to phishing resistance best practices such as those issued by CISA.