Massive data breach compromises over 590 million Ticketmaster, Santander accounts
A data breach affecting about 560 million Ticketmaster accounts and the Santander Bank data of over 30 million customers may have originated from attacks on cloud storage accounts with a company named Snowflake. As reported by Bleeping Computer, an investigation from cybersecurity firm Hudson Rock suggests that a malicious actor gained access to these firms using the stolen credentials of a single Snowflake employee. The hacker reportedly bypassed the authentication service Okta, generating session tokens to extract information from Snowflake.
Potential threat to other Snowflake customers
In addition to Ticketmaster and Santander Bank, Hudson Rock suggests that the hacker may have accessed hundreds of other Snowflake customers. Major brands using the cloud storage service include AT&T, HP, Instacart, DoorDash, NBCUniversal, and Mastercard. The hacking group ShinyHunters is believed to be behind these attacks and has attempted to sell Ticketmaster's data on the dark web for $500,000. ShinyHunters also took credit for the Santander breach, putting up for sale data purportedly belonging to over 30 million customers.
Snowflake disputes Hudson Rock's findings
Snowflake has contested Hudson Rock's findings in its response. While investigating "potentially unauthorized access to certain customer accounts," the company "observed increased threat activity beginning mid-April 2024 from a subset of IP addresses and suspicious clients we believe are related to unauthorized access." Snowflake maintains that a bad actor accessed a "demo account" of a former employee, but it didn't contain sensitive information. The company asserts that it doesn't believe this activity is due to any vulnerability within its product.
Leaked data deemed legitimate
Before Ticketmaster parent Live Nation confirmed the breach, malware tracker vx-underground stated it could assert "with a high degree of confidence" that the leaked data is legitimate. The leaked information reportedly dates back to the mid-2000s and contains full names, addresses, emails, phone numbers, and hashed credit card numbers. Last month, Santander issued a statement confirming that "certain information" of customers in Spain, Chile, and Uruguay had been accessed.