Last week, the hack-and-leak ring, ShinyHunters, made headlines by putting what they claimed to be data on over half a billion Ticketmaster customers up for sale on the BreachForums underground market. The media was abuzz with reports and speculation on the validity of this claim, putting Ticketmaster parent Live Nation in the hot seat. Now, Live Nation has come forward to acknowledge that the breach indeed occurred, but details are scarce.
In a data breach disclosure filed with the US Securities and Exchange Commission (SEC) on Friday, Live Nation revealed that there was “unauthorized activity within a third-party cloud database environment containing company data” on May 20. Additionally, it was noted that on May 27, a “criminal threat actor” offered what they claimed to be company user data for sale on the Dark Web. This revelation has raised concerns among consumers and cybersecurity experts alike.
Despite confirming the breach, Live Nation did not provide specifics on the number of records or the type of data that was compromised. ShinyHunters, the group responsible for the breach, boasted about having personally identifiable information (PII) such as names, emails, addresses, and partial payment card details in their listing on BreachForums. This has left many Ticketmaster customers worried about the safety of their personal information.
The SEC filing by Live Nation appears to be voluntary, with the company downplaying the impact of the breach on its financial standing. They stated that they do not expect the breach to be “material,” implying that they anticipate minimal consequences from the incident. This stance contradicts the alarming claims made by ShinyHunters in their underground listings.
Furthermore, Snowflake, the third-party cloud database provider involved in the breach, has acknowledged cyberactivity targeting some of its customers, including Ticketmaster. However, Snowflake did not disclose the identities of the affected customers and has yet to comment on the situation. The attacks on Snowflake’s customers were attributed to poor configuration, leaving accounts vulnerable to exploitation by threat actors.
The lack of concrete information surrounding the breach has raised questions about the extent of the impact on Snowflake’s customers and the overall cybersecurity landscape. Aside from Ticketmaster, other high-profile accounts using Snowflake’s services include AT&T, jetBlue, Mastercard, and Santander. The recent data breach at Santander, involving a third-party provider, adds another layer of concern to the situation.
Matt Hull, global head of threat intelligence at NCC Group, has highlighted the uncertainty surrounding ShinyHunters’ role in the breach. He pointed out discrepancies between ShinyHunters’ post on BreachForums and a similar post on a Russian cybercriminal forum, suggesting that ShinyHunters may be acting as intermediaries for the original attackers. This complexity adds further intrigue to an already convoluted situation.
As the investigation continues, Live Nation has reiterated its commitment to mitigating risks for users and the company. They have pledged to cooperate with law enforcement and regulatory authorities while keeping affected users informed about the unauthorized access to their personal information. The full scope of the breach and its implications remain unclear, but one thing is certain – cybersecurity threats are evolving, and organizations must remain vigilant to protect sensitive data.