
Alleged Ticketmaster data breach linked to Snowflake security breach

Recent reports have drawn attention to an alleged data breach involving Ticketmaster, the global ticketing company, following the relaunch of hacking website BreachForums, and the potential link to a Snowflake security breach.

As TechDay reports, the personal information of more than 500 million customers has been compromised. While the incident remains under scrutiny, cybersecurity experts have weighed in on the implications and steps to take to mitigate the risks.

Toby Lewis, Global Head of Threat Analysis at Darktrace, provided some insight into the matter. "This alleged attack on Ticketmaster is a nasty reminder that no organization is immune to cyberthreats. However, it is crucial to approach this incident with skepticism until more information becomes available, as the timing of the data offered on the relaunched BreachForums site raises questions about its authenticity," Lewis noted. He stressed the need for confirmation and transparency regarding the data accessed if the breach is confirmed.

Lewis advised customers to take precautionary measures, such as changing passwords and monitoring accounts. He acknowledged that these actions may prove useless if attackers still have access or if there was no breach. "You are advised to wait for confirmation and follow instructions from Ticketmaster Incident Response Teams," said Lewis. He recommended that customers be prepared to change their password again if necessary.

Stressing the importance of proactive cybersecurity measures, Lewis highlighted the role of artificial intelligence (AI) in preventing such attacks. "Cybersecurity must be at the forefront of business technology strategy. AI tools can automate prevention and response protocols, enabling proactive defense," he explained. Until more concrete details are revealed, he urged customers to remain vigilant, but not to jump to conclusions about the scale or impact of the breach.

Additional comments from Brian Soby, CTO and co-founder of AppOmni, highlighted a related security issue involving Snowflake, a major cloud storage company. Soby said the breaches at Ticketmaster and Santander could be linked to an attack on Snowflake. "The incident at Snowflake is due to the same problem we are seeing in the market: companies are not integrating the security of their SaaS applications into their security architectures," declared Soby.

He explained that the attackers used stolen credentials to connect to Snowflake's ServiceNow instance because it was misconfigured, with single sign-on (SSO) optional instead of mandatory. This access allowed the attackers to move laterally across Snowflake customer environments.

Soby cautioned against partial solutions that do not incorporate comprehensive SaaS security posture management (SSPM). "These partial solutions that do not integrate SSPM fail to stop a major source of modern data breaches. Incomplete solutions can be trivially bypassed due to poor application security posture," he stated.

Adding to the discussion, Nitin Sonawane, Chief Product Officer and Co-Founder of Zilla Security, highlighted an increase in cyber threat activities targeting Snowflake accounts. Notably, the breach at Ticketmaster resulted in the data of 560 million customers being leaked. Sonawane pointed to vulnerabilities related to accounts not protected by multi-factor authentication (MFA). He advised enabling SSO and MFA for all Snowflake accounts and ensuring account passwords are removed according to Snowflake documentation.

Sonawane recommended identifying all Snowflake accounts created outside of the enterprise identity platform with a static password and scanning the environment for compromised activity using queries suggested by Snowflake.
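One way to run the inventory Sonawane describes, as an added example that is not Snowflake's published query or part of the original article: it lists active users that still hold a static password without MFA enrollment and counts their recent password-only logins. It assumes a role that can read the `SNOWFLAKE.ACCOUNT_USAGE` views, treats `has_password` as a proxy for accounts managed outside the identity platform, and uses an arbitrary 90-day window.

```sql
-- Added example. Assumes read access to SNOWFLAKE.ACCOUNT_USAGE;
-- the 90-day lookback is an arbitrary choice, adjust to your retention needs.
WITH password_logins AS (
    -- Successful logins that used only a password (no second factor).
    SELECT
        user_name,
        COUNT(*)                  AS password_only_logins,
        COUNT(DISTINCT client_ip) AS distinct_client_ips,
        MAX(event_timestamp)      AS last_password_only_login
    FROM snowflake.account_usage.login_history
    WHERE event_timestamp >= DATEADD(day, -90, CURRENT_TIMESTAMP())
      AND is_success = 'YES'
      AND first_authentication_factor = 'PASSWORD'
      AND second_authentication_factor IS NULL
    GROUP BY user_name
)
SELECT
    u.name,
    u.login_name,
    u.created_on,
    u.ext_authn_duo                     AS mfa_enrolled,
    u.has_rsa_public_key,               -- key-pair auth already configured?
    u.last_success_login,
    COALESCE(p.password_only_logins, 0) AS password_only_logins,
    p.distinct_client_ips,
    p.last_password_only_login
FROM snowflake.account_usage.users AS u
LEFT JOIN password_logins AS p
       ON p.user_name = u.name
WHERE u.deleted_on IS NULL                        -- skip dropped users
  AND u.has_password = TRUE                       -- static password still set
  AND COALESCE(u.ext_authn_duo, FALSE) = FALSE    -- not enrolled in MFA
ORDER BY password_only_logins DESC,
         u.last_success_login DESC NULLS LAST;
```

Rows with a non-zero `password_only_logins` are the accounts to review first, both for moving behind SSO/MFA and for checking whether the source IPs are expected; `ACCOUNT_USAGE` views lag behind real time, so very recent logins may not appear yet.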

As these incidents continue to increase, cybersecurity experts highlight the need for businesses to strengthen their security measures, integrate comprehensive SSPM solutions, and ensure strict adherence to secure authentication protocols. In the meantime, customers are advised to remain cautious and follow the advice of relevant organizations.
