Ticketmaster and Santander data vulnerability related to Snowflake cloud storage
06:35 01/06/2024
2 minutes of reading
A suspected data breach affecting 560 million Ticketmaster accounts and another confirmed by Santander Bank may have originated from attacks on cloud storage accounts by a company called Snowflake. According to Bleeping Computer, an investigation by cybersecurity firm Hudson Rock reports that a bad actor accessed Ticketmaster and Santander using the stolen credentials of a Snowflake employee.
According to Hudson Rock, the attacker bypassed the Okta authentication service by using these credentials and then generated session tokens to obtain a trove of information from Snowflake. In addition to Ticketmaster and Santander Bank, Hudson Rock believes the attacker may have accessed hundreds of other Snowflake customers. Some of the big brands that use this cloud storage service include AT&T, HP, Instacart, DoorDash, NBCUniversal, and Mastercard.
According to Bleeping Computer , the attackers appear to be a hacker group called ShinyHunters, which attempted to sell Ticketmaster data on the dark web for $500,000. ShinyHunters also claimed responsibility for the Santander attack and offered to sell information believed to belong to more than 30 million customers.
Today we spoke with multiple individuals privy to and involved in the alleged TicketMaster breach.
Sometime in April an unidentified Threat Group was able to get access to TicketMaster AWS instances by pivoting from a Managed Service Provider. The TicketMaster breach was not…
— vx-underground (@vxunderground) May 30, 2024
Snowflake appeared to refute Hudson Rock’s findings in its latest response, saying that while investigating “potential unauthorized access to certain customer accounts,” it “observed Increased threat activity began in mid-April 2024 from a group of IP addresses and suspicious partners that we believe are involved in unauthorized access.”
More details about those findings are available [here], but the company said that although a bad actor accessed a “demo account” belonging to a former employee, it did not contain sensitive information. have a cold. They stated that “To date, we do not believe this activity is due to any vulnerabilities, misconfigurations, or malicious activity in the Snowflake product.”
Ticketmaster has not yet confirmed any breach, but malware tracker vx-underground said it can confirm “with a high degree of confidence” that the leaked data was legitimate. It noted that some of the leaked information dates back to the mid-2000s and included full names, emails, addresses, phone numbers, encrypted credit card numbers and more.
Earlier this month, Santander published a statement confirming that “some information” of customers in Chile, Spain and Uruguay had been accessed. Techlade reached out to Ticketmaster and Santander for comment but did not immediately receive a response.
Keywords:
Related articles
Palm Mini 2 Ultra: Máy tính bảng mini cho game thủ
Robot with smart grip
NASA’s goal of conquering the Sun
Apple launches a new feature that makes it easier to use your phone while sitting on vehicle
Google Photos launches smart search feature “Ask for photos”
Roku streams live MLB baseball games for free
Gun detection AI technology company uses Disney to successfully persuade New York
Hackers claim to have collected 49 million Dell customer addresses before the company discovered the breach
Thai food delivery app Line Man Wongnai plans to IPO in Thailand and the US in 2025
Google pioneered the development of the first social networking application for Android
AI outperforms humans in gaming: Altera receives investment from Eric Schmidt
TikTok automatically labels AI content from platforms like DALL·E 3
Dell’s data was hacked, revealing customers’ home address information
Cracking passwords using Brute Force takes more time, but don’t rejoice!
US lawsuit against Apple: What will happen to iPhone and Android?
The UAE will likely help fund OpenAI’s self-produced chips
AI-composed blues music lacks human flair and rhythm
iOS 17: iPhone is safer with anti-theft feature
Samsung launches 2024 OLED TV with the highlight of breakthrough anti-glare technology
REGISTER
TODAY
Sign up to get the inside scoop on today's biggest stories in markets, technology delivered daily.
By clicking “Sign Up”, you accept our Terms of Service and Privacy Policy. You can opt out at any time.
5
s
Comment (0)