Cloud Hosting

One of the biggest hacks of the year may have started to unfold. Late on Friday, embattled events business Live Nation, which owns Ticketmaster, confirmed it suffered a data breach after criminal hackers claimed to be selling half a billion customer records online. Banking firm Santander also confirmed it had suffered a data breach impacting millions of customers and staff after its data was advertised by the same group of hackers.

While the specific circumstances of the breachesincluding exactly what information was stolen and how it was accessedremain unclear, the incidents may be linked to attacks against company accounts with cloud hosting provider Snowflake. The US-based cloud firm has thousands of customers, including Adobe, Canva, and Mastercard, which can store and analyze vast amounts of data in its systems.

Security experts say that as more details become clear about hackers' attempts to access and take data from Snowflakes systems, it is possible that other companies will reveal they had data stolen. At present, though, the developing situation is messy and complicated.

Snowflake recently observed and is investigating an increase in cyber threat activity targeting some of our customers accounts, wrote Brad Jones, Snowflakes chief information security officer in a blog post acknowledging the cybersecurity incident on Friday. Snowflake has found a limited number of customer accounts that have been targeted by hackers who obtained their login credentials to the companys systems, Jones wrote. Snowflake also found one former staff members demo account that had been accessed.

However, Snowflake doesnt believe it was the source of any leaked customer credentials, the post says. We have no evidence suggesting this activity was caused by any vulnerability, misconfiguration, or breach of Snowflakes product, Jones wrote in the blog post.

While the number of Snowflake accounts accessed and what data may have been taken have not been released, government officials are warning about the impact of the attack. Australias Cyber Security Center issued a high alert on Saturday, saying it is aware of successful compromises of several companies utilizing Snowflake environments and companies using Snowflake should reset their account credentials, turn on multifactor authentication, and review user activity.

It looks like Snowflake has had some rather egregiously bad security compromise, security researcher Troy Hunt, who runs data breach notification website Have I Been Pwned, tells WIRED. It being a provider to many other different parties, it has sort of bubbled up to different data breaches in different locations.

Details of the data breaches started to emerge on May 27. A newly registered account on cybercrime forum Exploit posted an advertisement where they claimed to be selling 1.3 TB of Ticketmaster data, including more than 560 million peoples information. The hacker claimed to have names, addresses, email addresses, phone numbers, some credit card details, ticket sales, order details, and more. They asked for $500,000 for the database.

One day later, the established hacking group ShinyHunterswhich first emerged in 2020 with a data-stealing rampage, before selling 70 million AT&T records in 2021posted the exact same Ticketmaster ad on rival marketplace BreachForums. At the time, Ticketmaster and its parent company Live Nation had not confirmed any data theft and it was unclear if either post selling the data was legitimate.

View post:
The Ticketmaster Data Breach May Be Just the Beginning - WIRED