Snowflake says there’s no evidence attackers breached its platform to hack Ticketmaster

Source: The Verge added 04th Jun 2024

CrowdStrike and Mandiant joined in a statement saying data breaches for Ticketmaster and Santander appear to be ‘targeted attacks.’

By Richard Lawler, a senior editor following news across tech, culture, policy, and entertainment. He joined The Verge in 2021 after several years covering news at Engadget.

Illustration by Amelia Holowaty Krales / The Verge

A Ticketmaster data breach that allegedly includes details for 560 million accounts and another one affecting Santander have been linked to their accounts at Snowflake, a cloud storage provider. However, Snowflake says there’s no evidence its platform is at fault.

A joint statement to that effect made last night with CrowdStrike and Mandiant, two third-party security companies investigating the incident, lends additional credibility to the claim. Also, an earlier third-party report saying bad actors generated session tokens and may have compromised “hundreds” of Snowflake accounts has now been removed. Hudson Rock, the security firm behind that report, posted a statement of its own today on LinkedIn: “In accordance to a letter we received from Snowflake’s legal counsel, we have decided to take down all content related to our report.”

A post from Snowflake says, “To date, we do not believe this activity is caused by any vulnerability, misconfiguration, or malicious activity within the Snowflake product. Throughout the course of our ongoing investigation, we have promptly informed the limited number of customers who we believe may have been impacted.”

The joint statement says the attacks appear to be a “targeted campaign” focused on accounts without multifactor authentication. Snowflake has also released instructions for customers to review their accounts for unusual activity and ways to set up account and network policies to prevent similar attacks.

  • We have not identified evidence suggesting this activity was caused by a vulnerability, misconfiguration, or breach of Snowflake’s platform;

  • We have not identified evidence suggesting this activity was caused by compromised credentials of current or former Snowflake personnel;

  • This appears to be a targeted campaign directed at users with single-factor authentication;

  • As part of this campaign, threat actors have leveraged credentials previously purchased or obtained through infostealing malware; and

  • We did find evidence that a threat actor obtained personal credentials to and accessed demo accounts belonging to a former Snowflake employee. It did not contain sensitive data. Demo accounts are not connected to Snowflake’s production or corporate systems. The access was possible because the demo account was not behind Okta or Multi-Factor Authentication (MFA), unlike Snowflake’s corporate and production systems.

Ticketmaster’s parent company, Live Nation, which waited 11 days to confirm the data breach in a note to investors late Friday evening, has not provided any additional details about what information has been compromised or responded to inquiries.
