On Friday, May 31st, Live Nation announced and later confirmed that Ticketmaster had suffered a data breach after ShinyHunters, a group of hackers, claimed to have stolen the personal information of 560 million customers. The database includes names, phone numbers, home addresses, and even credit card details from Ticketmaster accounts worldwide, making this one of the biggest hacks this year. The group has reportedly demanded a ransom payment of $500,000 not to sell the data to third parties.
The group didn’t stop there! The banking company Santander has also confirmed that it had experienced a data breach, affecting 30 million customer accounts and staff members. The hacking group has allegedly posted an advert saying they are attempting to sell this confidential information.
Santander has apologized for "the concern this will understandably cause," adding that it is "proactively contacting affected customers and employees directly."
The specific circumstances of these breaches remain unclear, including how the information was stolen and when it was accessed. However, these incidents seem linked to attacks against accounts using Snowflake’s cloud storage. If that’s the case, it may lead to one of the largest hacks in history, as the cloud storage provider hosts thousands of large companies, including Adobe, Mastercard, and Canva.
Unfortunately, as more details surface about the data breaches and the hackers’ attempts to access Snowflake’s systems, other companies may reveal that their data has also been stolen.
Brad Jones, Snowflake’s chief information security officer, has stated in a blog post: “Snowflake recently observed and is investigating an increase in cyber threat activity targeting some of our customers’ accounts”, acknowledging the cybersecurity incident on Friday against Ticketmaster.
According to Jones, Snowflake has also identified a “limited number of Snowflake customers” who may have been targeted after their company systems’ login credentials were compromised. In addition, Snowflake has found that the “demo” account of one of its former staff members was accessed.
However, in neither situation does Snowflake “believe” that this was the source of the leaked information. In fact, Jones wrote in the official blog post: “We have no evidence suggesting this activity was caused by any vulnerability, misconfiguration, or breach of Snowflake’s product”.
While the official number of compromised Snowflake accounts has not yet been released, government officials are beginning to warn about the potential repercussions of the attack and to advise on necessary precautions.
On Saturday, Australia’s Cyber Security Center raised a “high” alert, stating that they are “aware of successful compromises of several companies utilizing Snowflake environments.” This is why companies using Snowflake are advised to reset their account credentials, enable multifactor authentication, and thoroughly review user activity.