Software-as-a-Service (SaaS) company Snowflake will beef up the security of customer accounts. Starting November 2025, it will block all human users and service accounts using single-factor authentication.
Snowflake is a multi-cloud data warehouse platform used to store and analyze large amounts of data. Over ten thousand businesses and organizations worldwide use the company’s platform to handle their corporate data, including heavy hitters like Canva, Honeywell, OpenAI, and the New York Stock Exchange (NYSE).
In its last fiscal year, Snowflake had an annual revenue of $3.63 billion, an increase of 29.21% compared to the previous year. The company employs more than 7,800 people.
In 2024, customers of Snowflake were targeted by a threat actor called UNC5537, and both corporate and personal information were stolen. This happened because systems of customers and contractors were infected with infostealing malware, which enabled the attackers to steal login credentials and exfiltrate information from Snowflake’s servers.
According to cybersecurity firm Mandiant, approximately 165 customers were affected by this massive data breach, including Advance Auto Parts, Neiman Marcus, QuoteWizard, and Ticketmaster. The latter allegedly exposed data of over 560 million Ticketmaster customers.
Last year, Snowflake announced it would implement additional security measures to better safeguard customers’ accounts. Implementing obligatory multi-factor authentication (MFA) was one of these measures.
In a blog post that was updated recently, Snowflake shared more details about the phased implementation of MFA.
Starting this month, all users logging in via Snowflake’s Snowsight user interface will have to set up MFA. In August, all new users will be required to use MFA when signing in with passwords. Lastly, in November, single-factor authentication with only a password will be blocked for everyone.
The new policy applies to both human users and service accounts.
“Snowflake will continue investing in the security capabilities of our customer accounts and bring more products and innovations to this space, such as native support for passkeys and time-based one-time password (TOTP), including authenticator apps,” the company concludes its blog post.
Your email address will not be published. Required fields are markedmarked