Ticketmaster confirms huge breach after stolen knowledge on the market on-line

Stay Nation has confirmed that Ticketmaster suffered an information breach after its knowledge was stolen from a third-party cloud database supplier, which is believed to be Snowflake.

“On May 20, 2024, Live Nation Entertainment, Inc. (the “Firm” or “we”) identified unauthorized activity within a third-party cloud database environment containing Company data (primarily from its Ticketmaster LLC subsidiary) and launched an investigation with industry-leading forensic investigators to understand what happened,” Stay Nation shared in a Friday evening SEC submitting.

“On May 27, 2024, a criminal threat actor offered what it alleged to be Company user data for sale via the dark web.”

“We are working to mitigate risk to our users and the Company, and have notified and are cooperating with law enforcement. As appropriate, we are also notifying regulatory authorities and users with respect to unauthorized access to personal information.”

Whereas the breach has allegedly uncovered the information of over 560 million Ticketmaster customers, the corporate states that they don’t consider that the breach may have a cloth influence on the general enterprise operations or its monetary situation.

This admission comes after a menace actor often called Shiny Hunters has been trying to promote the Ticketmaster knowledge on a hacking discussion board for $500,000.

The allegedly stolen databases supposedly comprise 1.3TB of information, together with clients’ full particulars (i.e., names, house and e mail addresses, and cellphone numbers), in addition to ticket gross sales, order, and occasion info for 560 million clients.

Ticketmaster data for sale on a hacking forum
Ticketmaster knowledge on the market on a hacking discussion board
Supply: BleepingComputer

In a dialog with the menace actor, ShinyHunters advised BleepingComputer that there have been patrons within the knowledge. They believed that one of many patrons that approached them was Ticketmaster themselves.

When requested how they stole the information, the menace actor mentioned they “can’t say anything about this.”

Nevertheless, right now, extra info was revealed on how the menace actors gained entry to the Ticketmaster database and probably the information of many different clients.

Alon Gal of Hudson Rock spoke to one of many menace actors behind the assault, who claimed they had been accountable for current Santander and Ticketmaster knowledge breaches and mentioned they stole the information from cloud storage firm Snowflake.

In keeping with the menace actor, they used credentials stolen utilizing information-stealing malware to breach a Snowflake worker’s ServiceNow account, which they used to exfiltrate info from the corporate. This info included unexpired auth tokens that may very well be used to create session tokens and entry buyer accounts to obtain knowledge.

The menace actor claims that they used this technique to steal knowledge from different firms, together with Anheuser-Busch, State Farm, Mitsubishi, Progressive, Neiman Marcus, Allstate, and Advance Auto Elements.

Progressive and Mistubishi disputed the menace actor’s claims, telling BleepingComputer that there is no such thing as a indication of any breach of their methods or knowledge.

Snowflake says the current breaches had been brought on by poorly secured buyer accounts whose credentials had been stolen and didn’t have multi-factor authentication enabled.

The corporate added that the assaults started in mid-April, with clients’ knowledge first being stolen on Might 23. Snowflake has shared IOCs from the assaults in order that clients can question logs to find out in the event that they had been breached.

Mandiant Consulting CTO Charles Carmakal advised BleepingComputer that Mandiant has been investigating compromised Snowflake shoppers over the previous few weeks and believes their Snowflake tenants had been breached utilizing stolen credentials.

After we contacted Snowflake to substantiate the menace actor’s claims that they hacked an worker’s account, as an alternative of disputing them, they mentioned they’d nothing additional to share.

This can be a growing story.

Recent articles