One of the biggest hacks of the year may have begun to unfold. Late on Friday, events company Live Nation, which owns Ticketmaster, confirmed it suffered a data breach after hackers claimed to be selling 500 million online customer records. The banking firm Santander also confirmed that he had suffered a data breach that affected millions of customers and staff after the same group of hackers announced their data.
While the specific circumstances of the breaches (including exactly what information was stolen and how it was accessed) remain unclear, the incidents may be related to attacks against company accounts with cloud hosting provider Snowflake. The US-based cloud company has thousands of customers, including Adobe, Canva and Mastercard, who can store and analyze large amounts of data on their systems.
Security experts say that as more details become clear about the hackers’ attempts to access and take data from Snowflake’s systems, other companies may reveal that their data was stolen. However, the situation currently developing is confusing and complicated.
“Snowflake recently observed and is investigating an increase in cyber threat activity targeting some of our customer accounts,” Brad Jones, chief information security officer at Snowflake. he wrote in a blog post acknowledging the cybersecurity incident on Friday. Snowflake has found a “limited number” of customer accounts that have been attacked by hackers who obtained their login credentials into the company’s systems, Jones wrote. Snowflake also found a former staff member’s “demo” account that had been accessed.
However, Snowflake does not “believe” it was the source of the leaked customer credentials, the post says. “We have no evidence to suggest that this activity was caused by any vulnerability, misconfiguration, or violation of Snowflake’s product,” Jones writes in the blog post.
While the number of Snowflake accounts that were accessed or what data may have been taken has not been released, government officials are warning about the impact of the attack. Australian Cyber Security Center issued a “high” alert on Saturday saying that it is “aware of successful compromises of several companies using Snowflake environments” and that companies using Snowflake should reset their account credentials, enable multi-factor authentication, and review user activity.
“It looks like Snowflake has suffered a pretty serious security compromise,” says security researcher Troy Hunt, who runs the data breach reporting website. They have cheated me?, he tells WIRED. “Being a supplier to a lot of other different parties, it’s kind of come up in different data breaches in different places.”
Details of the data breaches began to emerge on May 27. A newly registered account on cybercrime forum Exploit posted an ad claiming to be selling 1.3TB of Ticketmaster data, including the information of more than 560 million people. The hacker claimed to have names, addresses, email addresses, phone numbers, some credit card data, ticket sales, order details and more. They asked for $500,000 for the database.
A day later, the ShinyHunters established hacking group, which first emerged in 2020 on a data theft rampage, before selling 70 million AT&T records in 2021—Posted the exact same Ticketmaster ad on rival marketplace BreachForums. At the time, Ticketmaster and its parent company Live Nation had not confirmed any data theft and it was unclear whether any of the posts about the data sale were legitimate.
