Live Nation confirms Ticketmaster breach, as cloud platform denies responsibility

Cloud storage company Snowflake says the breach is not its fault, as the ACSC released an alert warning of “increased cyber threat activity regarding Snowflake customers”.

David Hollingworth
Mon, 03 Jun 2024

Last week’s Ticketmaster data breach has gotten even more complex over the weekend, as an Israeli security analyst pinned the blame on a cloud storage company – which the company has vehemently denied.

Analysts at Hudson Rock, having been in contact with the hackers themselves, said in a now-deleted post that cloud storage firm Snowflake was the source of the hack.

However, Snowflake denies the breach was its fault, saying it was an issue with stolen credentials rather than a breach of its systems.

“Snowflake and third-party cyber security experts CrowdStrike and Mandiant are providing a joint statement related to our ongoing investigation involving a targeted threat campaign against some Snowflake customer accounts,” a Snowflake spokesperson said in a 2 June advisory.

The company said that there is no evidence of any vulnerability in the company’s platform, nor evidence of any breach, but rather a “targeted campaign directed at users with single-factor authentication”.

“We did find evidence that a threat actor obtained personal credentials to and accessed demo accounts belonging to a former Snowflake employee. It did not contain sensitive data,” Snowflake said.

“Demo accounts are not connected to Snowflake’s production or corporate systems. The access was possible because the demo account was not behind Okta or multifactor authentication (MFA), unlike Snowflake’s corporate and production systems.”

The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) also shared an alert regarding Snowflake customer environments.

“The ASD’s ACSC is tracking increased cyber threat activity relating to Snowflake customer environments,” the ACSC said in a 1 June alert.

“The ASD’s ACSC is aware of successful compromises of several companies utilising Snowflake environments.”

One of those other companies appears to be Santander Bank, with ShinyHunters, the same hacker behind the Ticketmaster breach, claiming last week, on 30 May, to have access to the data of 30 million South American customers.

Mark Jones, a senior partner at Tesserent, says the Snowflake incident is an important reminder of the dangers of third-party threats.

“It’s important for organisations to protect sensitive information, safeguard intellectual property, maintain supply chain integrity, ensure compliance with regulations, and mitigate operational risks. Organisations should not only focus on internal controls but also put a strong focus on managing their third-party suppliers and understand and assess the security risks they may pose,” Jones said.

For its part, Live Nation has confirmed the data breach with a filing to the US Securities and Exchange Commission.

“On May 20, 2024, Live Nation Entertainment ... identified unauthorised activity within a third-party cloud database environment containing company data (primarily from its Ticketmaster L.L.C. subsidiary) and launched an investigation with industry-leading forensic investigators to understand what happened,” Live Nation said in its SEC filing.

“On May 27, 2024, a criminal threat actor offered what it alleged to be company user data for sale via the dark web. We are working to mitigate risk to our users and the company, and have notified and are cooperating with law enforcement. As appropriate, we are also notifying regulatory authorities and users with respect to unauthorised access to personal information.

“As of the date of this filing, the incident has not had, and we do not believe it is reasonably likely to have, a material impact on our overall business operations or on our financial condition or results of operations. We continue to evaluate the risks, and our remediation efforts are ongoing.”

Over the weekend Australian event company Ticketek revealed that it, too, had suffered a data breach involving “a cloud-based platform, hosted by a reputable, global third-party supplier.”

As of writing, it is unknown if that third-party supplier is also Snowflake.

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
