Researchers say a threat actor claims to have hacked Ticketmaster and Santander using stolen credentials of a Snowflake employee; Snowflake disputes the claims
A threat actor claiming recent Santander and Ticketmaster breaches says they stole data after hacking into an employee's account at cloud storage company Snowflake.
BleepingComputer · Sergiu Gatlan
Related Coverage
- Ticketmaster confirms data hack which could affect 560m globally BBC
- Detecting and Preventing Unauthorized User Access: Instructions Snowflake
- Snowflake, Cloud Storage Giant, Suffers Massive Breach: Hacker Confirms to Hudson Rock Access Through Infostealer Infection Hudson Rock
- Ticketmaster confirms data breach with a SEC filing Stack Diary · Alex Ivanovs
- Alleged Ticketmaster Breach Tied to Hacks at Cloud Provider Snowflake PCMag · Michael Kan
- Ticketmaster just got hacked exposing more than half a billion users TweakTown · Jak Connor
- Massive Ticketmaster, Santander data breaches linked to Snowflake cloud storage The Verge · Emma Roth
- Snowflake denies miscreants melted its security to steal data from top customers The Register · Tobias Mann
- Cloud company Snowflake denies that reported breach originated with its products The Record · James Reddick
- Alleged Ticketmaster breach could be part of larger compromise, researchers say CyberScoop · AJ Vicens
- The Snowflake employee environment was a demo one they created, just like anyone can spin up a new env to play with. — I do wonder what was loaded into that environment, though? @daedalus@eigenmagic.net
- Snowflake is denying it's the source. Says if breaches happened, it was via the individual customer accounts, not via Snowflake itself. — https://community.snowflake.com/ ... @daedalus@eigenmagic.net
- Snowflake: there is absolutely no cybersecurity incident. — Also Snowflake: Please run these commands and look for “threat activity” logins with the user agent “rapeflake” using this knowledge base article we haven't listed on our website. — https://community.snowflake.com/ ... [image] @GossiTheDog@cyberplace.social · Kevin Beaumont
- Five orgs have told me they are running incidents for Snowflake, where their data has been copied. @GossiTheDog@cyberplace.social · Kevin Beaumont
- Huh, looks like someone dropped an infostealer onto a Snowflake employee's PC and used their credentials to access a bunch of customer data. — https://www.hudsonrock.com/... @daedalus@eigenmagic.net
- I saw the threat actor's claims of generating session tokens on demand, and I saw Snowflake's response. Personally I believe Snowflake. — It's credible that the threat actor could have used an infostealer and used a stolen token/credential to log in to ServiceNow, but it's not at all credible that they would have used ServiceNow to generate tokens on demand to access Snowflake customers. … @chort@infosec.exchange · Chort
- Very big cyber incident playing out at Snowflake, who describe themselves as “AI Data Cloud”. They have a free trial where anybody can sign up and upload data... and they have. — Threat actors have been scraping customer data using a tool called rapeflake, for about a month. @GossiTheDog@cyberplace.social · Kevin Beaumont
- The tl;dr of the Snowflake thing is mass scraping has been happening, but nobody noticed.. and they're pointing at customers for having poor credentials. It appears a lot of data has gone walkies from a bunch of orgs. — Snowflake is a big AI data company with a conference in the US next week, chances of that going ahead are interesting. … @GossiTheDog@cyberplace.social · Kevin Beaumont
- We're breaking a huge story here - Snowflake, Cloud Storage Giant, Suffers Massive Breach. — Hacker Confirms to Hudson Rock Access Achieved Through Infostealer Infection ⬇ … Alon Gal
- Ticketmaster confirms data hack which could affect 560M globally Hacker News
- Form 8-K — On May 20, 2024, Live Nation Entertainment, Inc. (the “Company” or “we”) … Live Nation Entertainment, Inc.
- Live Nation confirms Ticketmaster was hacked, says personal information stolen in data breach TechCrunch · Zack Whittaker
- Live Nation confirms Ticketmaster data breach compromising 500 million users WKBN-TV · Joshua Hallenbeck
- Ticketmaster Hacked: Customer Data Stolen and Shopped on Dark Web by ‘Criminal Threat Actor,’ Live Nation Discloses Variety · Todd Spangler
- Ticketmaster Confirms Data Breach. Here's What to Know. New York Times · Sopan Deb
- Ticketmaster data breach exposes 560 million customers' data, IT group says Fox News · Kurt Knutsson
- Data leak at Ticketmaster, over 560 million customers affected nltimes.nl
- Live Nation took 11 days to confirm the massive Ticketmaster data breach The Verge · Richard Lawler
- Hackers Stole Ticketmaster User Data And Tried To Sell It On The Dark Web, Parent Company Live Nation Says Deadline · Dade Hayes
- The mysterious tale of an alleged breach at Ticketmaster Axios · Sam Sabin
- Data allegedly stolen from 560 million Ticketmaster users BBC
- Santander staff and ‘30 million’ customers hacked BBC · Joe Tidy
- ShinyHunters Claims Santander Bank Breach: 30M Customers' Data for Sale Hackread · Waqas
- Santander confirms ‘30 million customers hit by data breach’ after ‘hack’ Daily Express
- Santander hit by massive cyberattack: All staff and ‘30million’ customers have personal data stolen by gang ‘behind Ticketmaster hack’ Daily Mail · Elizabeth Haigh
- Santander staff and ‘30 million’ customers have bank data stolen by hackers The Mirror · Ruby Flanagan
- Santander hit by huge cyberattack leaving 30 million customers at risk Metro.co.uk · Katherine Fidler
- ShinyHunters is selling data of 30 million Santander customers Security Affairs · Pierluigi Paganini
- 30,000,000 Customers' Data Allegedly Exposed and on Sale After Trillion-Dollar Bank Suffers Massive Data Breach: Report The Daily Hodl
- Hacker Sells Apparent Santander Bank Customer Data DeviceSecurity.io · David Perera
- ShinyHunters claims Santander breach, selling data for 30M customers BleepingComputer · Lawrence Abrams
- Santander customers' private data put up for sale for $2m by hackers The Guardian · Zoe Wood
- Banking details of 30 million Santander customers exposed during breach allegedly up for sale on the dark web ITPro · Solomon Klappholz
- Data of 30M Santander customers for sale, ShinyHunters take the spotlight Cybernews.com · Ernestas Naprys
- Hackers claim to have bank account details of 30m Santander customers Finextra
- How credential com … Anis Ahmed
- All Santander staff and 30M customers in Spain, Chile and Uruguay hacked Hacker News
Discussion
- @evisdrenova (Evis Drenova) on x: Wow. Hacker used one employee's login creds to dump refresh tokens and then used those to generate as many session tokens as they wanted. Then bypassed Okta using a new session token + the employee's password. https://www.hudsonrock.com/...
- @troyhunt (Troy Hunt) on x: This is a great write up on the possible origin of both the Ticketmaster and Santander data breaches, both attributed back to a compromise at @SnowflakeDB: https://www.hudsonrock.com/...
- @gossithedog (Kevin Beaumont) on x: Enterprise orgs, check your proxy logs (if you still have a proxy and haven't yeeted yourself off a zero trust bridge yet) for *.snowflake.com to see if any of your users signed up for the free trial and set your data free.
- @rockhudsonrock on x: 🚨🚨 NEW INVESTIGATION 🚨🚨 Snowflake, Cloud Storage Giant, Suffers Massive Breach: Hacker Confirms to Hudson Rock Access Through Infostealer Infection https://www.hudsonrock.com/... [image]
- @arkadiyt (Arkadiy Tetelman) on x: Steal a Snowflake employee's cookies, access their helpdesk, & generate session tokens into customer environments. Completely preventable yet still all too common. Thankfully we have a network policy requiring VPN for Snowflake access, so any session tokens for us were useless.
- @hunterwalk on threads: i swear i was buying those front row Backstreet Boys tickets with meet & greet for a friend every single tour since 1993 For. A. Friend.
- @joetidy (Joe Tidy) on x: Ticketmaster confirms data hack which could affect 560m globally. Confirmed then. It's a biggie. https://www.bbc.com/...
- @joetidy (Joe Tidy) on x: Finding out about a giant data breach affecting hundreds of millions of people through a chilled out notice to investors is pretty grim. “We do not believe it is reasonably likely to have, a material impact on our financial condition or results of operations.”
- @josephfcox (Joseph Cox) on x: New from 404 Media: Ticketmaster/Live Nation confirm the hack in an SEC filing. I also obtained a second, larger sample of data on Thursday. I verified it relates to genuine accounts on the Ticketmaster website, included personal info, payments, etc https://www.404media.co/...
- @josephfcox (Joseph Cox) on x: Here's how I verified the second, larger sample of Ticketmaster data I got https://www.404media.co/... [image]
- r/technews on reddit: Live Nation confirms Ticketmaster was hacked, says personal information stolen in data breach
- @mattjay (Matt Johansen) on x: This is a wild ride. Snowflake breached and scraped of over 400 companies data. Ticketmaster and Santander leaks this week seem to be tied to this. @vxunderground and @GossiTheDog putting out great content on it. [video]
- @h4ckmanac on x: 🚨#DataBreach Update: 🚨 🇪🇸#Spain: The allegedly stolen data from Santander has also been put up for sale on the well-known hacking forum BreachForums, directly by the administrator ShinyHunters. ShinyHunters is the same threat actor who is selling the details of 560 million [image…