Ticketmaster confirms massive breach after stolen data for sale online

May 31, 2024 at 09:25PM

Live Nation confirms a Ticketmaster data breach after the data was stolen from a third-party cloud database provider, Snowflake. A criminal threat actor is offering the user data for sale on the dark web. The data of 560 million users was exposed, including personal information and event details. The threat actor claims to have stolen data from several other companies. Snowflake confirms that the recent breaches were due to insecure customer accounts.

Ticketmaster suffered a data breach after its data was stolen from a third-party cloud database provider, which is believed to be Snowflake. The breach has allegedly exposed the data of over 560 million Ticketmaster users, including customers’ full details such as names, home and email addresses, and phone numbers, as well as ticket sales, order, and event information.

The threat actor ShinyHunters has been attempting to sell the Ticketmaster data on a hacking forum for $500,000. In a conversation, the threat actor claimed responsibility for the recent Santander and Ticketmaster data breaches, stating that they stole the data from the cloud storage company Snowflake using stolen credentials from a Snowflake employee’s ServiceNow account.

Other companies, including Anheuser-Busch, State Farm, Mitsubishi, Progressive, Neiman Marcus, Allstate, and Advance Auto Parts, were also said to have had their data stolen by the threat actor using the same method.

Snowflake confirmed that the recent breaches were caused by poorly secured customer accounts whose credentials were stolen and did not have multi-factor authentication enabled. The attacks began in mid-April, with customers’ data being stolen on May 23. Snowflake has shared Indicators of Compromise (IOCs) from the attacks with customers.

Mandiant Consulting has been investigating compromised Snowflake clients and believes that their Snowflake tenants were breached using stolen credentials. When contacted, Snowflake did not dispute the claims made by the threat actor about hacking an employee’s account.

It should be noted that this is a developing story and the investigation into the data breaches is ongoing.
