Security News Snowflake hack - Ticketmaster and others affected

I Walk MY Way

Level 7
Thread author
Verified
Well-known
May 27, 2013
337
Emails, phone numbers, addresses, and even financial details have allegedly been exposed by a notorious hacker group.
To its critics, it seems Ticketmaster may be experiencing some karma lately for years of being the bane of concertgoers' existence. Unfortunately its latest hassle — a massive data leak — also negatively impacts consumers.

Just last week, the U.S. Justice Department filed an antitrust lawsuit against the ticketing conglomerate. The DOJ is seeking to break up the alleged monopoly its parent company, Live Nation Entertainment, holds over the live music and entertainment industry – potentially a good thing for consumers.

But amid this nightmare for the company, a hacker group is now claiming to have stolen more than 500 million Ticketmaster customers' data in an attack.



 

vtqhtr413

Level 27
Well-known
Aug 17, 2017
1,609
Live Nation has confirmed that Ticketmaster suffered a data breach after its data was stolen from a third-party cloud database provider, which is believed to be Snowflake.

"On May 20, 2024, Live Nation Entertainment, Inc. (the "Company" or "we") identified unauthorized activity within a third-party cloud database environment containing Company data (primarily from its Ticketmaster LLC subsidiary) and launched an investigation with industry-leading forensic investigators to understand what happened," Live Nation shared in a Friday night SEC filing.

"On May 27, 2024, a criminal threat actor offered what it alleged to be Company user data for sale via the dark web."

"We are working to mitigate risk to our users and the Company, and have notified and are cooperating with law enforcement. As appropriate, we are also notifying regulatory authorities and users with respect to unauthorized access to personal information."
 

vtqhtr413

Level 27
Well-known
Aug 17, 2017
1,609

Ink

Administrator
Verified
Jan 8, 2011
22,490


While Mandiant has largely absolved Snowflake of any blame in the mass compromise of its customers, researcher Kevin Beaumont has vocally held the cloud provider responsible for much of it.

“They need to, at an engineering and secure by design level, go back and review how authentication works—as it’s pretty transparent that given the number of victims and scale of the breach that the status quo hasn’t worked,” he wrote last week. “Secure authentication should not be optional.” On Mastodon, the researcher characterized the Snowflake authentication system as “terrible.”

The Snowflake authentication setup is terrible.

MFA can’t be enabled org wide, each user has to manually log in and enable it. There’s no policy to block users without MFA. And it uses Duo MFA rather than your org’s MFA. (You can bring your own MFA with SAML).

Also all users log in via a Snowflake domain, so you can just pull creds from info stealer marketplaces or logs.

That’s why they’re being targeted as a platform.
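
For defenders who want to measure the exposure described in the post above, the following is an added example and not part of the thread or of Snowflake's own guidance: an audit query that lists active users who can sign in with a password but have no Duo MFA enrolment, alongside their recent password-only logins. It assumes a role that can read the `SNOWFLAKE.ACCOUNT_USAGE` views and that `LOGIN_HISTORY.USER_NAME` matches `USERS.NAME`; the 90-day window is an arbitrary choice.

```sql
-- Added example (not from the thread): find password users without MFA.
-- Assumption: the current role can read SNOWFLAKE.ACCOUNT_USAGE.
WITH password_only_logins AS (
    -- Successful logins in the last 90 days where a password was the only factor.
    SELECT
        user_name,
        MAX(event_timestamp)      AS last_password_only_login,
        COUNT(*)                  AS password_only_logins_90d,
        COUNT(DISTINCT client_ip) AS distinct_client_ips_90d
    FROM snowflake.account_usage.login_history
    WHERE is_success = 'YES'
      AND first_authentication_factor = 'PASSWORD'
      AND second_authentication_factor IS NULL
      AND event_timestamp >= DATEADD(day, -90, CURRENT_TIMESTAMP())
    GROUP BY user_name
)
SELECT
    u.name,
    u.login_name,
    u.has_rsa_public_key,          -- key-pair users may be service accounts
    u.last_success_login,
    p.last_password_only_login,
    COALESCE(p.password_only_logins_90d, 0) AS password_only_logins_90d,
    COALESCE(p.distinct_client_ips_90d, 0)  AS distinct_client_ips_90d
FROM snowflake.account_usage.users AS u
LEFT JOIN password_only_logins AS p
       ON p.user_name = u.name     -- assumption: names match across both views
WHERE u.deleted_on IS NULL                                  -- user still exists
  -- Flags are cast to strings so the filter works whether the view
  -- exposes them as BOOLEAN or VARIANT.
  AND COALESCE(u.disabled::STRING, 'false') = 'false'       -- account is enabled
  AND u.has_password::STRING = 'true'                       -- password login possible
  AND COALESCE(u.ext_authn_duo::STRING, 'false') = 'false'  -- no Duo MFA enrolled
ORDER BY password_only_logins_90d DESC, u.last_success_login DESC NULLS LAST;
```

Rows with recent password-only logins from many distinct client IPs are the first to review; users who sign in only through SAML SSO should have their password removed so they drop out of this list.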
 

vtqhtr413

Level 27
Well-known
Aug 17, 2017
1,609
Hackers who stole terabytes of data from Ticketmaster and other customers of the cloud storage firm Snowflake claim they obtained access to some of the Snowflake accounts by first breaching a Belarusian-founded contractor that works with those customers.

About 165 customer accounts were potentially affected in the recent hacking campaign targeting Snowflake’s customers, but only a few of these have been identified so far. In addition to Ticketmaster, the banking firm Santander has also acknowledged that its Snowflake account was breached; the stolen data included bank account details for 30 million customers, including 6 million account numbers and balances, 28 million credit card numbers, and human resources information about staff, according to a post published by the hackers. Lending Tree and Advance Auto Parts have also said they might be victims as well.
 