Ticketmaster has been severely impacted by a cyber-attack, which has led to potential exposure of personal data belonging to 560 million customers. This alarming security breach was initially detected on May 20, 2024, as unauthorized activity within a third-party cloud database used by Ticketmaster.
Live Nation acknowledged the breach in a disclosure to the U.S. Securities and Exchange Commission. Details exposed include customer names, addresses, phone numbers, and partial payment information.
On May 27, the hackers, identified as the ShinyHunters group, began offering the stolen data for sale on the dark web. The group has demanded a ransom of approximately $500,000 to prevent the sale of this massive trove of personal information.
Simultaneously, Santander bank experienced a cyber intrusion, confirmed to have occurred approximately two weeks prior to their public acknowledgment. This breach involved the theft of sensitive data from 30 million customers, including:
- 6 million account numbers with associated balances
- 28 million credit card numbers
- Staff HR details
ShinyHunters, the same group implicated in the Ticketmaster breach, claimed responsibility for this attack as well. They advertised the stolen Santander data on hacker forums, pricing it at a staggering $2 million. The bank’s staff HR details were also included in the compromised data.
Was Snowflake Compromised in These Breaches?
Both companies are reported to store their data with Snowflake, a cloud storage provider. Following the breaches, there was concern that vulnerabilities in Snowflake’s platform might have facilitated these incidents.
However, Snowflake, along with cybersecurity firms CrowdStrike and Mandiant, issued a joint statement refuting these concerns. They clarified that no evidence suggests that the breaches resulted from vulnerabilities, misconfigurations, or any malicious activity within the Snowflake product. The investigation indicated that these were targeted attacks focusing on accounts secured by single-factor authentication rather than multifactor authentication.
Snowflake has actively communicated with its customers regarding the incident. A statement from Snowflake clarified, “To date, we do not believe this activity is caused by any vulnerability, misconfiguration, or malicious activity within the Snowflake product. Throughout the course of our ongoing investigation, we have promptly informed the limited number of customers who we believe may have been impacted.”
Snowflake has also responded by advising their customers on enhancing security measures, including the implementation of account and network policies to deter similar attacks. They emphasized that the compromised credentials were used to access only demo accounts associated with a former employee, which did not contain sensitive data or connect to Snowflake’s primary operational systems.
Authorities in Australia and the United States are collaborating with Ticketmaster to fully understand and mitigate the effects of the breach. Ticketmaster and Live Nation are taking steps to manage the risk to their customers by working with law enforcement and notifying affected individuals and regulatory bodies.