Ticketmaster and Santander breach: Snowflake account compromised by infostealer

It was impossible to miss the news late last week: the data of several hundred thousand Ticketmaster customers was put up for sale by a cybercriminal. The same actor also claims to hold data relating to tens of millions of Santander customers.

Ticketmaster’s parent company, Live Nation, acknowledged in a filing with the US stock market regulator that on May 20 it had identified unauthorized activity in a third-party cloud provider’s environment.

On May 27, ShinyHunters announced the sale of data stemming from this breach. Four days later, the same group claimed to have compromised the data of 30 million Santander customers.

In exchanges with the Hudson Rock teams, the malicious actor who originally claimed to have stolen Santander customer data stated that they had gained access by hijacking a Snowflake employee’s ServiceNow account using compromised credentials. According to the attacker, 400 companies may be affected. He allegedly tried to extort $20 million from Snowflake.

Hudson Rock’s teams found that a workstation used by a Snowflake employee had been compromised on October 5 by an infostealer of the Lumma family.

For its part, Snowflake conducted the investigation with the help of CrowdStrike and Mandiant. As of May 31, the investigation had not revealed any elements suggesting a vulnerability or defect in the configuration of its platforms.

However, the same statement reads: “We found evidence that a threat actor obtained personally identifiable information and accessed demo accounts belonging to a former Snowflake employee.”

According to Snowflake, “these accounts do not contain sensitive data. Demo accounts are not connected to production or enterprise Snowflake systems.”

And if an unauthorized third party managed to access them, it is “because the demo account is not behind Okta or multi-factor authentication (MFA), unlike Snowflake’s production and enterprise systems.”