Observe Statement on Snowflake Incident

By Observe Team ,May 31, 2024

We are aware of recent reports related to a potential compromise of certain Snowflake accounts. At this time, we believe that no Snowflake accounts managed by Observe were targeted or compromised in this incident. Snowflake has also confirmed to us that they have no indicators of compromise for any of our accounts. We have independently verified that there are no indicators of compromise related to this incident in any of our accounts. We require MFA for all user accounts in Snowflake, which protects us from the attack vector identified in this attack.

More information about the Snowflake incident can be found in these two articles:

• https://community.snowflake.com/s/question/0D5VI00000Emyl00AB/detecting-and-preventing-unauthorized-user-access
• https://community.snowflake.com/s/article/Communication-ID-0108977-Additional-Information

Following the advice in these articles, we have:

• Verified that all Snowflake user accounts are secured with multi-factor authentication (MFA).
• Verified that no Observe-managed account has any indicators of compromise by running the Snowflake queries listed in https://community.snowflake.com/s/article/Communication-ID-0108977-Additional-Information.
• Added the Snowflake-provided IOCs to our security monitoring.

We are also in contact with our counterparts at Snowflake to receive updates from them as their investigation unfolds, and will provide updates to this statement if there is new information to share.

Updates

• 2024-05-31 Initial post
• 2024-06-03 Added notes about Observe’s security posture
• 2024-07-15 Monitoring continues, no update