Massive Ticketmaster Data Breach Exposes 560 Million Accounts After Snowflake Hack

By Marcus Hartley

December 7, 2024 at 11:11 PM

A massive data breach at cloud storage firm Snowflake has exposed 560 million Ticketmaster accounts, along with data from numerous other companies. The breach originated from a successful spear-phishing attack on an EPAM Systems employee in Ukraine.

The hacker group ShinyHunters has claimed responsibility for the breach, which affected 165 Snowflake customers including Santander, Lending Tree, and Advance Auto Parts. The attackers exploited an infected computer belonging to a Belarusian contractor at EPAM Systems, a software engineering firm with $4.8 billion in revenue.

The breach occurred through the following sequence:

  • Hackers targeted an EPAM employee with a spear-phishing attack
  • Malware was installed on the employee's computer
  • Attackers accessed unencrypted credentials for customer Snowflake accounts
  • Lack of multi-factor authentication allowed direct access to sensitive data

While EPAM disputes its involvement, Live Nation (Ticketmaster's parent company) confirmed the data theft from its Snowflake account in May 2024. The hackers have since released a preview of the stolen database on dark web forums, claiming to have 560 million Ticketmaster customer accounts for sale.

The ShinyHunters group, named after the Pokémon gaming franchise, has been active since 2020 and is known for major breaches of companies including Microsoft, AT&T, PlutoTV, and Santander.
