Major Data Breaches Unfold, Impacting Live Nation, Ticketmaster, and Santander

A significant cyberattack has come to light, involving data breaches at Live Nation, the parent company of Ticketmaster, and banking giant Santander. Live Nation confirmed the breach after hackers claimed to be selling half a billion customer records online. Santander also acknowledged a data breach affecting millions of customers and employees, with the same group of hackers advertising the stolen data. The specifics of these breaches, including the exact data compromised and how it was accessed, remain unclear. However, the incidents may be linked to attacks on company accounts with cloud hosting provider Snowflake, which serves numerous high-profile clients.

Snowflake’s Chief Information Security Officer, Brad Jones, addressed the situation in a blog post, noting an increase in cyber threat activity targeting some customer accounts. He mentioned that a limited number of accounts were targeted by hackers who obtained login credentials and that a former staff member’s demo account was accessed. While Snowflake found no evidence suggesting any vulnerabilities or misconfigurations in its product, it advised customers to reset account credentials, enable multi-factor authentication, and review user activity. Australia’s Cyber Security Center also issued a high alert, warning companies to secure their Snowflake accounts.

Details of the data breaches began to surface when a new account on the cybercrime forum Exploit claimed to be selling 1.3 TB of Ticketmaster data. The following day, the hacking group ShinyHunters posted the same ad on BreachForums, indicating they had stolen Ticketmaster’s data. ShinyHunters also claimed to be selling 30 million customer and staff details from Santander. These incidents have brought significant attention to the illegal marketplace, which ShinyHunters recently revived after the FBI took it down.

Israeli security firm Hudson Rock linked the two hacks to Snowflake’s systems, based on conversations with the alleged hacker who claimed to have accessed Snowflake’s systems. The hacker purportedly tried to sell the data back to Snowflake for $20 million. Cloud security firm Mitiga observed a threat actor targeting Snowflake databases using a tool called “rapeflake,” which has broader implications for other companies. Early signs indicate that more organizations might be affected, with cybersecurity researcher Kevin Beaumont aware of six impacted companies and Australian events company Ticketek reporting unauthorized access to customer data stored on a cloud-based platform.