MongoDB hits 8.0; Microsoft's open-source data project
Today on Product Saturday: MongoDB focuses on performance and resilience, Microsoft tackles event handling with a new open-source project, and the quote of the week.
Snowflake will outline a plan to require all customers to use additional security protections "within the coming days" after a spate of high-profile security breaches involving customers that didn't take that step.
SAN FRANCISCO — After a week during which growing numbers of Snowflake customers reported data breaches after failing to use multifactor authentication to secure their accounts, CEO Sridhar Ramaswamy said Thursday that the company plans to require customers to use the additional protection in the near future.
"It's clear that we have to do something about this," Ramaswamy said in an interview with Runtime on the last day of the Snowflake Data Cloud Summit. Snowflake has been urging customers all week to turn on MFA security features for their accounts, "but I think making this programmatic is the next logical step we do need to take," he said.
Several high-profile Snowflake customers — including Ticketmaster parent company Live Nation and Santander, one of the largest banks in the world — have recently reported data breaches that security experts have linked to Snowflake accounts that lacked multifactor authentication. Techcrunch reported Wednesday that "hundreds" of login credentials stolen from Snowflake customers are available for sale in hacking forums, suggesting that this issue could become much more widespread in coming days.
Given that a lot of Snowflake customers use automated service accounts to run tasks, the problem is more complex than simply throwing a switch to require MFA in order to access data in Snowflake, Ramaswamy said. However, the company will outline a plan to address those accounts "in the coming days," he said.
Backed by statements from security companies Mandiant and Crowdstrike, Snowflake has insisted that the breach was not caused by any software vulnerability or security issue in its software. However, other cloud software companies require their customers to turn on the additional protections afforded by MFA; Microsoft will require Azure customers to use MFA starting in July, and GitHub mandated MFA use in January.