Ticketmaster Breach May Be Just the Beginning: Cloud Provider Attack Feared to Have Wider Impact

A major cyberattack may be unfolding, with concerns that the reach extends beyond recently confirmed breaches at Ticketmaster and Santander. Experts fear more companies may be affected.

Breaches Confirmed, Details Unclear

On Friday, Ticketmaster's parent company Live Nation admitted a data breach after hackers claimed to be selling a massive dataset containing information on over 560 million customers. Banking giant Santander also confirmed a breach impacting millions of customers and staff.

While specifics remain unclear, both incidents may be tied to attacks targeting company accounts with the cloud hosting service Snowflake.

Snowflake Under Scrutiny

Snowflake, a cloud service used by companies like Adobe and Mastercard, is investigating a surge in hacking attempts targeting customer accounts. The company acknowledges a "limited number" of compromised accounts and denies any vulnerability in its own systems.

However, security researchers warn that the impact could be significant.

Wider Implications Feared

Australian cybersecurity officials issued a high alert, urging companies using Snowflake to heighten security measures. Experts warn of potential widespread ramifications.

Tracing the Attack

The attacks seemingly began in late May, with hackers advertising stolen Ticketmaster data online. The notorious hacking group ShinyHunters also claimed responsibility for a breach at Santander.

Israeli security firm Hudson Rock linked the breaches to compromised Snowflake accounts, alleging hackers gained access through stolen login credentials.

Possible Cause: Information-Stealing Malware

Security experts suspect information-stealing malware may have been used to steal Snowflake login credentials.

Ticketmaster and Santander Confirm Breaches

Ticketmaster confirmed its breached database resided on Snowflake's platform. Santander previously acknowledged unauthorized access to a database hosted by a third-party provider but did not identify the company.

Snowflake Responds

Snowflake claims to have notified all customers and encouraged them to bolster security measures. The company also identified suspicious activity linked to a malicious actor named "rapeflake."

Cloud Security Company Offers Insights

Mitiga, a cloud security firm, suggests a threat actor may have targeted Snowflake clients using an attack tool called "rapeflake." The company believes stolen information about Snowflake's systems could have been used to gain access to client accounts.

Early Signs of Wider Impact

Mitiga reports several clients seeking assistance, and cybersecurity researchers suggest more companies may be affected. Australian events company Ticketek also revealed a customer data breach potentially linked to a cloud-based platform.

The Full Picture Still Emerging

The extent of the attack remains unclear. Experts anticipate more companies will be revealed as victims in the coming days.

More articles by Deepak Kumar CISSP