Ticketmaster confirms data breach with 560 million users' personal info at risk

Live Nation, the company that owns Ticketmaster, acknowledged on Friday that “unauthorized activity” in its database on May 20 may have allowed hackers to obtain the personal data of 560 million customers. Several reports and retractions in the last few days have left it unclear how the breach happened.

Initial Suspicions Involving Snowflake

Initially, cybercrime expert Hudson Rock suggested that the breach was due to data taken from a third-party cloud database provider, potentially Snowflake. It was believed that the hacker gained access by compromising a Snowflake employee account, using stolen credentials to bypass Okta’s secure authentication and infiltrate a ServiceNow account. However, this report has been retracted without clarification.

Snowflake’s Response and Refutations

Snowflake CISO Brad Jones, supported by CrowdStrike and Mandiant, refuted allegations in a statement released over the weekend that a security flaw or improper configuration in the Snowflake platform was the reason behind the significant data breaches at Ticketmaster and Santander, which also revealed that information belonging to an estimated 30 million customers was pilfered. Although the demo accounts did not contain any sensitive information, Snowflake acknowledged discovering evidence that a threat actor had obtained the personal credentials of a former employee and accessed them.

Data on Sale

BleepingComputer reports that ShinyHunters, a threat actor, tried to sell the Ticketmaster data for $500,000 on a hacker forum. The offering amounts to one and a third terabytes of data, including complete customer information (i.e., names, residential and work addresses, phone numbers, and information about events and ticket sales) for 560 million patrons.

Uncertain Accountability and Future Threats

Thus, it’s difficult to determine who is at fault and whether the claimed scope of the breach is reliable. If ShinyHunters’ data about Ticketmaster is accurate, the issue went beyond simply granting access to a trial account. This indicates that Ticketmaster and/or one of its cloud or managed service providers neglected to implement crucial security measures. Snowflake has kept its purpose very well under wraps, but a number of sources have indicated that attacks against Snowflake instances have increased recently. If this is true, more attacks may be imminent, potentially affecting even more organizations relying on similar cloud infrastructure.