Snowflake CEO: Default multifactor authentication is coming soon

Snowflake will outline a plan to require all customers to use additional security protections "within the coming days" after a spate of high-profile security breaches involving customers that didn't take that step.

Snowflake CEO Sridhar Ramaswamy speaks on stage Monday at the Snowflake Data Cloud Summit.
Snowflake CEO Sridhar Ramaswamy speaks on stage Monday at the Snowflake Data Cloud Summit. (Credit: Snowflake)

SAN FRANCISCO — After a week during which growing numbers of Snowflake customers reported data breaches after failing to use multifactor authentication to secure their accounts, CEO Sridhar Ramaswamy said Thursday that the company plans to require customers to use the additional protection in the near future.

"It's clear that we have to do something about this," Ramaswamy said in an interview with Runtime on the last day of the Snowflake Data Cloud Summit. Snowflake has been urging customers all week to turn on MFA security features for their accounts, "but I think making this programmatic is the next logical step we do need to take," he said.

Several high-profile Snowflake customers — including Ticketmaster parent company Live Nation and Santander, one of the largest banks in the world — have recently reported data breaches that security experts have linked to Snowflake accounts that lacked multifactor authentication. Techcrunch reported Wednesday that "hundreds" of login credentials stolen from Snowflake customers are available for sale in hacking forums, suggesting that this issue could become much more widespread in coming days.

Given that a lot of Snowflake customers use automated service accounts to run tasks, the problem is more complex than simply throwing a switch to require MFA in order to access data in Snowflake, Ramaswamy said. However, the company will outline a plan to address those accounts "in the coming days," he said.

Backed by statements from security companies Mandiant and Crowdstrike, Snowflake has insisted that the breach was not caused by any software vulnerability or security issue in its software. However, other cloud software companies require their customers to turn on the additional protections afforded by MFA; Microsoft will require Azure customers to use MFA starting in July, and GitHub mandated MFA use in January.

Great! You’ve successfully signed up.

Welcome back! You've successfully signed in.

You've successfully subscribed to Runtime.

Success! Check your email for magic link to sign-in.

Success! Your billing info has been updated.

Your billing was not updated.