Security Market Segment LS
Sunday, 02 June 2024 18:53

"Not us" - Snowflake claims wrongly implicated in Ticketmaster leak Featured


Entertainment giant Live Nation revealed last week it was the victim of a cyber attack that compromised user data. An analyst report - since removed - alleged the breach occurred through the data cloud platform Snowflake, an allegation Snowflake stringently denies.

560 million Ticketmaster customers may have their details released through a cyber breach, with a massive 1.3 terabytes of customer data - including names, addresses, credit card numbers, phone numbers, and payment details.

Hacking group ShinyHunters is claiming responsibility, and what's more, is asking Ticketmaster to pay a ransom of half a million US dollars ($AUD 750,000) or the data will be made public.

While details are still coming in, the leak appears to have occurred through a compromised Snowflake data cloud credential. This led to Israeli research firm Hudson Rock asserting Snowflake itself had been compromised, and that Snowflake customers must be wary. Snowflake adamantly denies it has suffered any breach. Hudson Rock has since removed its report, with no trace now found anywhere on its website - but not before news outlets and other analysts ran with it, incorrectly asserting Snowflake itself had been breached. Current thinking is that a Ticketmaster developer's credentials were exposed through a different product, and, alas, without MFA protection on their Snowflake account.

Snowflake has stated in no uncertain terms:

  • there is no evidence in any way that the Ticketmaster breach was caused by any vulnerability, misconfiguration, or breach of Snowflake's product
  • Snowflake does not believe it was the source of leaked credentials
  • there is no facility that allows people to exfiltrate credentials from Snowflake in any way, such as an API or other means
  • Snowflake is a public-facing cloud product and any person or company can sign up at any time. If a threat actor obtains a customer's credentials through some breach or the customer itself, then that malicious actor can access the customer's data - as would be the case with any breach of credentials for any other product by any other provider

Snowflake continues to remind customers of the value of multi-factor authentication (MFA), something that iTWire also regularly advocates all readers employ for all their accounts across all their products and services.

No matter which organisations were involved, it's a timely reminder to Snowflake administrators to review their account security.

The Australian Cyber Security Centre (ACSC) issued an alert on Saturday 1 June 2024 advocating Snowflake customers to ensure they utilise MFA, disable unused accounts, and review user activity.

Mark Jones, a Senior Partner at Tesserent, a Thales Australia cybersecurity company also stressed “it’s important for organisations to protect sensitive information, safeguard intellectual property, maintain supply chain integrity, ensure compliance with regulations, and mitigate operational risks. Organisations should not only focus on internal controls, but also put a strong focus on managing their third-party suppliers and understand and assess the security risks they may pose."

It's important to note that while Snowflake offers MFA and has a tight integration with Duo, MFA is not automatically enabled on a Snowflake account, and nor can the administrator force it to be on for any specific user. Instead, users must self-enrol into MFA following the instructions here. Administrators can disable MFA if a user loses a device, but the responsibility to turn it on in the first place lies with the user. Although this is not an ideal situation - preferably, an administrator could make MFA mandatory for all their users - it's something Snowflake users can - and should - activate immediately.

The investigation into Ticketmaster's breach is ongoing.



Image by Gerd Altmann from Pixabay

Read 2724 times

Please join our community here and become a VIP.

Subscribe to ITWIRE UPDATE Newsletter here
JOIN our iTWireTV our YouTube Community here

IDC WHITE PAPER: The Business Value of Aiven Data Cloud Solutions

According to IDC, Aiven enables your teams to perform more efficiently, reduce direct infrastructure costs, and provide improved database performance, agility and scalability.

Find out how Aiven makes teams 48% more efficient, allowing staff to focus on high-value activities that drive real business results:

340% 3-year ROI – break even in 5 months (average)

37% lower 3-year cost of operations

78% reduction in staff time for database deployments

Download the IDC White Paper now



It's all about Webinars.

Marketing budgets are now focused on Webinars combined with Lead Generation.

If you wish to promote a Webinar we recommend at least a 3 to 4 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site and prominent Newsletter promotion and Promotional News & Editorial. Plus a video interview of the key speaker on iTWire TV which will be used in Promotional Posts on the iTWire Home Page.

Now we are coming out of Lockdown iTWire will be focussed to assisting with your webinars and campaigns and assistance via part payments and extended terms, a Webinar Business Booster Pack and other supportive programs. We can also create your adverts and written content plus coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.


David M Williams

David has been computing since 1984 where he instantly gravitated to the family Commodore 64. He completed a Bachelor of Computer Science degree from 1990 to 1992, commencing full-time employment as a systems analyst at the end of that year. David subsequently worked as a UNIX Systems Manager, Asia-Pacific technical specialist for an international software company, Business Analyst, IT Manager, and other roles. David has been the Chief Information Officer for national public companies since 2007, delivering IT knowledge and business acumen, seeking to transform the industries within which he works. David is also involved in the user group community, the Australian Computer Society technical advisory boards, and education.

Share News tips for the iTWire Journalists? Your tip will be anonymous

Subscribe to Newsletter

*  Enter the security code shown:





Guest Opinion



Channel News