Snowflake security leak: Is the Ticketmaster hack just the tip of the iceberg?

Florian Bodoky
3.6.2024
Translation: machine translated

Was Ticketmaster not the only victim of the ShinyHunters hack? Experts suspect that the group was able to capture the data through a hack of the cloud supplier Snowflake. Around 10,000 companies are customers of Snowflake.

Update from 4 June 2024: Allegations against Snowflake refuted

The two security companies CrowdStrike and Mandiant have also investigated the security incident at Snowflake. Both companies concluded in their reports that the hacks at Ticketmaster and Bank Santander cannot be linked to what happened at Snowflake. This reinforces the statement from Snowflake itself, which had already ruled out a connection beforehand.

The report by the security experts at Hudson Rock, who made this assumption (and on whose statement Kevin Beaumont's blog post is also based), has since been taken offline. Hudson Rock has officially confirmed this on LinkedIn.

However, it is still clear that there were also security incidents at Snowflake. The cloud provider speaks in this context of a "targeted campaign focussing on accounts without multi-factor authentication". It is therefore still not clear how the ShinyHunters group was able to gain access to Ticketmaster and Santander data.

Original report

Last week, it was revealed that the hacker collective ShinyHunters had infiltrated the ticket provider Ticketmaster and captured the data of over 500 million customers.

After the tech portal Heise classified some data records from the sample as genuine, Ticketmaster finally confirmed the data leak.

More companies affected?

Now, however, the incident appears to be spreading. Security researcher Kevin Beaumont has written on his blog that there has been another, much more far-reaching security incident. The victim is the cloud supplier Snowflake. The company counts around 10,000 companies among its customers.

In addition to Ticketmaster, its customers also include the bank Santander. Around 30 million data records containing some sensitive customer and employee data have also been stolen and are now being offered for buy-back for two million US dollars. Companies such as HP, Novartis, Siemens and Mastercard are also among Snowflake's customers.

The Ticketmaster data records are still for sale today.
Source: Florian Bodoky

In another blog post, Beaumont writes that he is currently in contact with six other Snowflake customers. These were all affected by the security incidents at Snowflake and had suffered data theft.

In his opinion, it is therefore quite possible that the data leak at Ticketmaster, Bank Santander and the other companies was ultimately due to a cyber attack on Snowflake. The ShinyHunters group obtained the access rights using a tool called Rapeflake.

For its part, the cloud supplier admits that unauthorised access had taken place. However, this was limited to a demo account of a former employee. It is therefore not possible that their customers' login data was stolen. The near future will show whether and which companies are affected by blackmail and to what extent conclusions can be drawn about Snowflake.

Header image: Shutterstock

I've been tinkering with digital networks ever since I found out how to activate both telephone channels on the ISDN card for greater bandwidth. As for the analogue variety, I've been doing that since I learned to talk. Though Winterthur is my adoptive home city, my heart still bleeds red and blue. 
