Ticketmaster has begun notifying customers of a significant data breach after hackers accessed the company's Snowflake database, compromising the personal information of millions of people.
According to a data breach notification shared with the Office of the Maine Attorney General, Ticketmaster discovered that "an unauthorized third party obtained information from a cloud database hosted by a third-party data services provider."
The breach, which occurred between April 2, 2024, and May 18, 2024, was identified on May 23, 2024. Since the investigation began, no further unauthorized activity has been detected.
Ticketmaster revealed that the breach exposed customers' names, basic contact information, and additional unspecified data varying by user. The company advises customers to remain vigilant against identity theft and fraud and has offered one year of free identity monitoring to track their credit history.
Although Ticketmaster initially stated that the breach affected ">1000" individuals, the actual number of impacted customers is in the millions, and much more sensitive information was exposed.
Last month, the threat actor known as ShinyHunters began selling the stolen data from Live Nation/Ticketmaster, claiming it included personal and credit card information of 560 million users. The hackers used compromised Ticketmaster credentials to steal data from the Snowflake account, which was not protected by multi-factor authentication.
Snowflake, a cloud-based data warehousing service, is utilized by enterprises for storing databases, processing data, and performing analytics. ShinyHunters started selling the data on May 28 on a notorious hacking forum for $500,000. The dataset, purportedly 1.3TB in size, contained information for 560 million customers, including ticket sales, event details, customer fraud information, and partial credit card data.
Samples of the data seen included more than just basic contact information. Millions of customers have had the following data exposed:
Full names
Email addresses
Phone numbers
Addresses
Hashed credit card details
Payment amounts
Ticketmaster remained silent for several days before confirming the breach in a Friday evening SEC filing on May 31, asserting that the incident would not materially impact the company.
This breach is among several recent data theft incidents linked to the Snowflake platform. A joint investigation by Snowflake, Mandiant, and CrowdStrike found that a threat actor, tracked as UNC5537, targeted at least 165 organizations that had not enabled multi-factor authentication on their accounts. To breach the Snowflake accounts, the attackers used credentials stolen in information-stealing malware infections dating back to 2020.
Ticketmaster's breach underscores the critical need for robust security measures, including multi-factor authentication, to protect sensitive data in cloud environments.