In recent news, a massive data breach at Ticketmaster and another breach at Santander Bank have raised concerns about the security of data stored on third-party cloud storage services. Both incidents highlight the importance of implementing robust security measures, such as multifactor authentication (MFA) and IP restrictions, to protect sensitive information.
The Ticketmaster breach was disclosed in a regulatory filing by parent company Live Nation Entertainment, which revealed that a breach on May 20 compromised a database hosted by a third-party cloud storage provider. Reports surfaced of data belonging to 550 million Ticketmaster customers being offered for sale on a Dark Web forum by a group called “ShinyHunters,” associated with the BreachForums leak site. Santander Bank fell victim to a similar breach on May 14, in which unauthorized access was gained to a database held by a third-party cloud services provider, affecting customers in Spain, Chile, and Uruguay.
ShinyHunters claimed responsibility for the Santander theft, offering data on 30 million customers, 28 million credit card numbers, and other sensitive information for sale. While Ticketmaster and Santander did not disclose the specific cloud service provider involved, security analysts identified Snowflake, which serves major companies like MasterCard and Disney, as the likely provider.
Snowflake acknowledged recent malicious activity targeting customer accounts, attributed to a targeted campaign against users with single-factor authentication. According to David Bradbury, CSO at Okta, this highlights the necessity of phishing-resistant MFA and network IP restrictions. He emphasized the importance of additional security measures beyond MFA to prevent post-authentication attacks that bypass traditional security methods.
Under the cloud shared responsibility model, responsibility for securing data on cloud platforms lies with both the vendor and the customer. Customers must adhere to best practices and configuration guidelines to mitigate risks, says Michael Lyborg, CISO at Swimlane. While providers should enforce baseline security measures like MFA and zero trust, Patrick Tiquet of Keeper Security argues against universal implementation, citing varying customer needs and preferences.
The breaches at Ticketmaster and Santander serve as a reminder of the critical need for strong security measures in cloud environments. As organizations increasingly rely on cloud services, both providers and customers must prioritize security to guard against cyber threats, safeguard sensitive data, and maintain trust with customers.
