Stay Nation has confirmed that Ticketmaster suffered a data breach after its knowledge was stolen from a third-party cloud database supplier, which is believed to be Snowflake.
“On Might 20, 2024, Stay Nation Leisure, Inc. (the “Firm” or “we”) recognized unauthorized exercise inside a third-party cloud database atmosphere containing Firm knowledge (primarily from its Ticketmaster LLC subsidiary) and launched an investigation with industry-leading forensic investigators to know what occurred,” Stay Nation shared in a Friday night time SEC submitting.
“On Might 27, 2024, a prison menace actor supplied what it alleged to be Firm consumer knowledge on the market through the darkish internet.”
“We’re working to mitigate danger to our customers and the Firm, and have notified and are cooperating with regulation enforcement. As acceptable, we’re additionally notifying regulatory authorities and customers with respect to unauthorized entry to non-public data.”
Whereas the breach has allegedly uncovered the info of over 560 million Ticketmaster customers, the corporate states that they don’t consider that the breach can have a fabric influence on the general enterprise operations or its monetary situation.
This admission comes after a menace actor generally known as Shiny Hunters has been making an attempt to promote the Ticketmaster knowledge on a hacking discussion board for $500,000.
The allegedly stolen databases supposedly include 1.3TB of knowledge, together with prospects’ full particulars (i.e., names, dwelling and e-mail addresses, and cellphone numbers), in addition to ticket gross sales, order, and occasion data for 560 million prospects.
Supply: BleepingComputer
In a dialog with the menace actor, ShinyHunters instructed BleepingComputer that there have been consumers within the knowledge. They believed that one of many consumers that approached them was Ticketmaster themselves.
When requested how they stole the info, the menace actor stated they “cannot say something about this.”
Nonetheless, at present, extra data was revealed on how the menace actors gained entry to the Ticketmaster database and probably the info of many different prospects.
Alon Gal of Hudson Rock spoke to one of many menace actors behind the assault, who claimed they had been liable for current Santander and Ticketmaster data breaches and stated they stole the info from cloud storage firm Snowflake.
In accordance with the menace actor, they used credentials stolen utilizing information-stealing malware to breach a Snowflake worker’s ServiceNow account, which they used to exfiltrate data from the corporate. This data included unexpired auth tokens that may very well be used to create session tokens and entry buyer accounts to obtain knowledge.
The menace actor claims that they used this methodology to steal knowledge from different firms, together with Anheuser-Busch, State Farm, Mitsubishi, Progressive, Neiman Marcus, Allstate, and Advance Auto Elements.
Progressive and Mistubishi disputed the menace actor’s claims, telling BleepingComputer that there isn’t any indication of any breach of their programs or knowledge.
Snowflake says the current breaches had been attributable to poorly secured buyer accounts whose credentials had been stolen and didn’t have multi-factor authentication enabled.
The corporate added that the assaults started in mid-April, with prospects’ knowledge first being stolen on Might 23. Snowflake has shared IOCs from the assaults in order that prospects can question logs to find out in the event that they had been breached.
Mandiant Consulting CTO Charles Carmakal instructed BleepingComputer that Mandiant has been investigating compromised Snowflake shoppers over the previous few weeks and believes their Snowflake tenants had been breached utilizing stolen credentials.
After we contacted Snowflake to substantiate the menace actor’s claims that they hacked an worker’s account, as an alternative of disputing them, they stated they’d nothing additional to share.
This can be a growing story.
