A reported breach of Ticketmaster that might have exposed the personal data of half a billion of the entertainment giant’s customers may be part of a larger compromise ensnaring hundreds of global companies, according to a report from an Israeli cybersecurity firm published Friday.

Ticketmaster has not yet commented on the breach, which was first reported on criminal forums earlier this week and includes more than a terabyte of data affecting 560 million of the ticket seller’s customers. Though the authenticity of the stolen data has not been confirmed, cybersecurity researchers say privately that they believe the data being offered for sale appears legitimate.

On Friday, the Israeli firm Hudson Rock reported that the breach of Ticketmaster may be linked to breaches at as many as 400 other companies perpetrated using the stolen credentials of an employee at Snowflake, the cloud storage and services company.

According to the Hudson Rock report, one of the cyber intelligence firm’s researchers spoke with a person claiming to be responsible for the breach of Snowflake who said that they had used the compromised credentials of a Snowflake employee to steal data from a large number of the company’s customers.

In an update shared with customers on the company’s website, Snowflake said it became “aware of potentially unauthorized access to certain customer accounts on May 23, 2024.” A subsequent investigation revealed “increased threat activity beginning mid-April 2024 from a subset of IP addresses and suspicious clients we believe are related to unauthorized access.”

Technical details shared by Snowflake noted that the company does not believe “this activity is caused by any vulnerability, misconfiguration, or malicious activity within the Snowflake product,” and that it has “promptly informed the limited number of customers who we believe may have been impacted.”

The person claiming to have attacked Snowflake told Hudson Rock they wanted Snowflake to pay them $20 million to return the stolen data.

A Snowflake spokesperson referred CyberScoop to the updates posted to their site. The spokesperson declined to respond to claims in the Hudson Rock report regarding the number of companies involved or whether a Snowflake employee’s credentials were used as part of the attack.

A spokesperson for the Australian Department of Home Affairs told CyberScoop that the Australian government “is aware of a cyber incident impacting Ticketmaster,” and that the country’s National Office of Cyber Security is “engaging with Ticketmaster to understand the incident.”

Neither Ticketmaster nor Live Nation Entertainment, its parent company, has commented on the alleged breach and theft of more than half a billion customer records. The company has not responded to multiple requests for comment from CyberScoop sent over four days.

The news comes as the Department of Justice and 30 state and district attorneys general have filed a civil antitrust lawsuit against Live Nation Entertainment and Ticketmaster for monopolization and “other unlawful conduct that thwarts competition in markets across the live entertainment industry.”

The DOJ did not respond to questions about the breach and whether it would affect the antitrust suit against Ticketmaster.

The Cybersecurity and Infrastructure Security Agency referred questions to Ticketmaster. The FBI did not respond to a request for comment Friday.

The claim that Ticketmaster had been breached first surfaced on Tuesday, when a persona known as “ShinyHunters” advertised the data for sale for $500,000. VX-Underground, an online repository for malware research, said Thursday that it had spoken with “multiple individuals” who claimed to be involved in the Ticketmaster breach and that they accessed the company’s data through a managed service provider.

Listing posted to BreachForums (CyberScoop).

ShinyHunters did not respond to questions about VX-Underground’s statement.

The listing and samples of six separate Ticketmaster datasets were posted to BreachForums, a cybercrime forum briefly disrupted May 15 as part of an FBI-led international law enforcement operation. The disruption was the second time police had taken down the site — but in both instances site administrators managed to reconstitute the site. It remains operational.

Separately, the hacker claiming to have targeted Ticketmaster is also selling data on customers of the bank Santander. The bank acknowledged May 14 that data from customers in Chile, Spain and Uruguay, as well as “all current and some former Santander employees,” has been stolen. Data on as many as 30 million people could be involved in that attack, the BBC reported Friday.

The post Alleged Ticketmaster breach could be part of larger compromise, researchers say appeared first on CyberScoop.
