In a major cybersecurity incident, hackers have stolen terabytes of data from Ticketmaster and other Snowflake customers, affecting approximately 560 million accounts. The breach originated from a single compromised Belarusian contractor.

The attack, carried out by the hacking group ShinyHunters, impacted 165 Snowflake customers, including Santander, Lending Tree, and Advance Auto Parts. The hackers gained access through EPAM Systems, a software engineering firm with $4.8 billion in revenue, though EPAM disputes their involvement.

How the Breach Occurred:

• An EPAM employee in Ukraine fell victim to a spear-phishing attack
• Hackers installed info-stealer malware and a trojan on the employee's computer
• Unencrypted usernames and passwords for Snowflake accounts were discovered
• Lack of multi-factor authentication enabled access to customer accounts

Live Nation, Ticketmaster's parent company, confirmed the data theft from their Snowflake account in May 2024. The stolen database, containing 560 million Ticketmaster customer accounts, is now being sold on dark web forums.

About ShinyHunters:

• Formed in 2020
• Named after Pokemon gaming franchise
• Previously breached Microsoft, AT&T, PlutoTV, and other major companies

Related Articles

Previous Articles