Ticketmaster breached in suspected cyberattack targeting Snowflake clients

Snowflake, a cloud storage provider, has reported that several of its customers’ accounts were hacked by threat actors who obtained credentials through info-stealing malware or by purchasing them on online crime forums. Among the affected customers is Ticketmaster parent company Live Nation, which disclosed that the hack occurred through an unnamed third-party provider, later revealed to be Snowflake.

According to independent security researcher Kevin Beaumont, Ticketmaster is one of six Snowflake customers targeted in the hacking campaign. The Australian Signal Directorate also confirmed successful compromises of several companies using Snowflake environments. Additionally, Santander, Spain’s largest bank, was reportedly hacked in the same campaign.

This news comes after a hacking group known as ShinyHunters claimed responsibility for breaching Santander and Ticketmaster, posting data online as evidence. The group sought millions of dollars for the stolen data, which included customer records and credit card information.

Snowflake has urged all customers to ensure their accounts are protected with multifactor authentication, as compromised credentials were used in the attacks against its customers. While investigations are ongoing, no evidence has been found linking the breaches to any vulnerabilities or misconfigurations in Snowflake’s platform.

Beaumont criticized Snowflake for not prioritizing secure authentication, suggesting that the company needs to review its authentication processes to prevent future breaches.

In conclusion, the recent hacks targeting Snowflake customers highlight the importance of robust cybersecurity measures in today’s digital landscape. It serves as a reminder for companies to prioritize security to protect their data and customers from potential threats.