Ticketmaster parent company Live Nation has confirmed that internal data was exposed in a cyber-attack identified last month, with threat actors apparently targeting a third-party cloud environment.
The ticketing giant said in an SEC filing that almost all of the compromised data came from its Ticketmaster subsidiary, which chimes with earlier reports that as many as 560 million of the company’s customers may have been impacted.
“On May 20, 2024, Live Nation Entertainment identified unauthorized activity within a third-party cloud database environment containing company data … and launched an investigation with industry-leading forensic investigators to understand what happened,” the 8-K filing noted.
“On May 27, 2024, a criminal threat actor offered what it alleged to be company user data for sale via the dark web. We’re working to mitigate risk to our users and the company, and have notified and are cooperating with law enforcement. As appropriate, we’re also notifying regulatory authorities and users with respect to unauthorized access to personal information.”
That “criminal threat actor” is known as ShinyHunters. According to screenshots of the dark web advert, they’re selling 1.3TB of stolen customer data, including names, addresses, emails and phone numbers, the last four digits of card numbers and expiry dates, ticketing order details and much more. The trove is on offer as a “one-time sale” for $500,000.
Live Nation confirmed to various outlets that cloud storage firm Snowflake is the third party whose environment was targeted in the breach. A similar incident at Spanish bank Santander originated from the same source, it has been claimed.
In a since-removed blog post, security researchers at Hudson Rock reported that the threat actor targeted a Snowflake employee’s ServiceNow account with stolen credentials, enabling them to subsequently access the Ticketmaster database.
However, a post from Snowflake on Sunday explained that an increase in threat activity “targeting some of our customers’ accounts” is down to “ongoing industry-wide, identity-based attacks” designed to exfiltrate customer data.
“Research indicates that these types of attacks are performed with our customers’ user credentials that were exposed through unrelated cyber-threat activity,” the post continued. “To date, we don’t believe this activity is caused by any vulnerability, misconfiguration or malicious activity within the Snowflake product.”
Interestingly, despite the purportedly large number of customers affected by the incident, Live Nation played down its operational and financial impact on the firm.
“As of the date of this filing, the incident has not had, and we don’t believe it’s reasonably likely to have, a material impact on our overall business operations or on our financial condition or results of operations,” its SEC filing concluded. “We continue to evaluate the risks and our remediation efforts are ongoing.”