Quick Look:
- Hackers compromised 560 million customers’ data via a third-party cloud database.
- Sensitive data of 30 million individuals and millions of bank account details were stolen.
- Snowflake is intensifying security, working with CrowdStrike and Mandiant, and pushing for multifactor authentication.
On Friday, Live Nation’s Ticketmaster confirmed a significant data breach that compromised the personal information of approximately 560 million customers. The breach occurred through a third-party cloud database environment and is believed to have been orchestrated by the notorious hacking group Shiny Hunters. The stolen data was later found on a hacking forum, raising substantial security concerns.
Snowflake Responds to Ticketmaster Breach
Snowflake, a company involved in the incident, commented on the breach. The company indicated that the attack seemed specifically aimed at single-factor authentication users. They assured stakeholders that there was no evidence of a vulnerability or misconfiguration in Snowflake’s platform contributing to the breach. Meanwhile, cybersecurity firm Hudson Rock took prompt action to remove the report from online forums to mitigate further risks.
Santander Bank also fell victim to Shiny Hunters, with the hackers allegedly stealing vast amounts of sensitive data. The compromised information included bank details of 30 million individuals and account numbers and balances for 6 million accounts. The hackers also obtained credit card numbers for 28 million customers. The severity of this breach highlights the persistent and evolving threat posed by cybercriminal groups.
Hackers Target Snowflake Customers: Hundreds of Passwords Exposed
The incidents extended beyond Ticketmaster and Santander, affecting several other companies like Advance Auto Parts and LendingTree. Hackers targeted Snowflake customer accounts, exposing hundreds of customer passwords using infostealer malware. This type of malware, designed to harvest sensitive information, has seen a surge in usage, driven by its effectiveness in compromising data such as credit card numbers, web browser activities, and bank account information. According to Flashpoint Inc., the demand for such malware is rising, with monthly subscriptions priced at around $250.
Snowflake Bolsters Security with CrowdStrike and Mandiant
Recognising the gravity of these breaches, Snowflake has intensified its security protocols. The company is working closely with renowned cybersecurity firms CrowdStrike and Mandiant to bolster its defences. It has urged customers to adopt multifactor authentication (MFA) and is currently developing a plan to mandate MFA for all users.
The US Cybersecurity and Infrastructure Security Agency and the Australian Cyber Security Centre have issued alerts regarding the breaches. These agencies recommend enhanced cybersecurity practices to counteract the threats associated with the Snowflake incident.
Snowflake has also made it clear through various communications that the hackers exploited accounts protected only by single-factor authentication, using credentials harvested by infostealer malware or purchased, and that there is no evidence of any inherent vulnerabilities in its platform.
Shiny Hunters’ High-Profile Attacks Increase Since 2020
The Shiny Hunters group, active since 2020, has a history of high-profile attacks on companies such as Microsoft, Mashable, and Bonobos. Their recent activities underscore the growing sophistication and audacity of cyber criminals. As organisations rely on cloud-based solutions, robust cybersecurity measures become increasingly critical to safeguard sensitive data and maintain user trust.
The recent breaches at Ticketmaster and Santander Bank underscore the persistent and evolving threat of cybercrime. With personal and financial data at stake, organisations must adopt stringent security measures, including multifactor authentication, to protect against sophisticated hacking groups like Shiny Hunters. Collaborative efforts with cybersecurity firms and adherence to recommendations from governmental cybersecurity agencies are essential steps in fortifying defences against future attacks.