Massive Ticketmaster and Santander data breaches linked to Snowflake cloud storage

An alleged data breach that could affect as many as 560 million Ticketmaster accounts and one confirmed for Banco Santander may have resulted from attacks on the cloud storage accounts of a company called Snowflake. As seen per Computer beepingan investigation of cybersecurity company Hudson Rock reports that a bad actor gained access to Ticketmaster and Santander using the stolen credentials of a single Snowflake employee.

According to Hudson Rock, the hacker bypassed the Okta authentication service using these credentials and then generated session tokens to obtain a treasure trove of information from Snowflake. In addition to Ticketmaster and Banco Santander, Hudson Rock suggests the hacker may have gained access to hundreds of other Snowflake customers. Some of the top brands using the cloud storage service include AT&T, HP, Instacart, DoorDash, NBCUniversal, and Mastercard.

Snowflake apparently disputed Hudson Rock’s findings in its most recent response, saying this While investigating “potentially unauthorized access to certain customer accounts,” it “observed an increase in threat activity beginning in mid-April 2024 from a subset of suspicious IP addresses and customers that we believe are related to unauthorized access.”

More details about these findings are available here, but the company claims that although a bad actor accessed a “demo account” belonging to a former employee, it did not contain confidential information. It states that “At this time, we do not believe this activity is caused by any vulnerability, misconfiguration, or malicious activity in the Snowflake product.”

Ticketmaster has not yet confirmed any violations, but vx-underground malware tracker says it can say “with a high degree of confidence” that the leaked data is legitimate. He notes that some of the leaked information dates back to the mid-2000s and includes full names, emails, addresses, phone numbers, hashed credit card numbers, and more.

At the beginning of this month, Santander published a statement to confirm that “certain information” from customers in Chile, Spain and Uruguay was accessed. On the edge reached out to Ticketmaster and Santander with requests for comment but did not receive an immediate response.