Hackers have revealed details about the massive Ticketmaster data breach affecting 560 million customer accounts, which occurred through a security vulnerability at cloud storage provider Snowflake. The breach impacted 165 customers, including major companies like Santander, LendingTree, and Advance Auto Parts.

The hacker group ShinyHunters executed the breach by targeting EPAM Systems, a software engineering firm with $4.8 billion in revenue. Though EPAM disputes their involvement, the hackers claim they infected a Ukrainian EPAM employee's computer with malware through a sophisticated spear-phishing attack.

The attack sequence:

• Hackers deployed info-stealer malware through targeted phishing
• Installed a trojan to gain complete system access
• Discovered unencrypted Snowflake login credentials
• Accessed customer accounts due to lack of multi-factor authentication

Live Nation, Ticketmaster's parent company, confirmed the data theft from their Snowflake account in May 2024. The hackers have since released a preview of the stolen database on dark web forums, claiming to have 560 million Ticketmaster customer accounts available for sale.

About the Perpetrators: ShinyHunters, formed in 2020, has claimed responsibility for multiple high-profile breaches including:

• Microsoft
• AT&T
• PlutoTV
• Animal Jam
• Mashable
• Mathway
• Santander
• Wattpad

The incident highlights critical vulnerabilities in third-party contractor security and the importance of implementing robust authentication measures for cloud storage systems.

Related Articles

Previous Articles