IT Brief Australia - Technology news for CIOs & IT decision-makers

Alleged Ticketmaster data breach tied to Snowflake security flaw

Tue, 18th Jun 2024

Recent reports have drawn attention to an alleged data breach involving Ticketmaster, the global ticketing company, following the relaunch of the hacking website BreachForums and a potential link to a Snowflake security flaw.

As reported by TechDay, personal information of more than 500 million customers has been compromised. While the incident remains under scrutiny, cybersecurity experts have weighed in on the implications and steps for mitigating risks.

Toby Lewis, Global Head of Threat Analysis at Darktrace, provided insights into the matter. "This alleged attack on Ticketmaster is an unpleasant reminder that no organisation is immune from cyber threats. However, it's crucial to approach this incident with scepticism until more information is available, as the timing of the data being offered on the relaunched BreachForums site raises questions about its authenticity," noted Lewis. He emphasised the need for confirmation and transparency regarding the accessed data if the breach is confirmed.

Lewis advised customers to take precautionary measures, such as changing passwords and monitoring accounts. He acknowledged the potential fruitlessness of these actions if the attackers still have access or if there is no breach at all. "It's advisable to wait for confirmation and follow instructions from Ticketmaster's incident response teams," said Lewis. He recommended that customers should prepare to change their passwords again if necessary.

Highlighting the significance of proactive cybersecurity measures, Lewis stressed the role of artificial intelligence (AI) in preventing such attacks. "Cybersecurity should be at the forefront of businesses' technology strategy. AI tools can automate prevention and response protocols, enabling proactive defence," he explained. Until more concrete details emerge, he urged customers to remain vigilant but not to jump to conclusions about the breach's scale or impact.

Further commentary from Brian Soby, CTO and Co-founder of AppOmni, shed light on a related security issue involving Snowflake, a prominent cloud storage company. Soby indicated that breaches at both Ticketmaster and Santander could be linked to an attack on Snowflake. "The incident playing out at Snowflake is due to the same issue we're seeing across the market: companies are not incorporating the security of their SaaS applications into their security architectures," stated Soby.

Soby warned against partial solutions that do not integrate comprehensive SaaS security posture management (SSPM). "These partial solutions not integrating SSPM fail to stop a major source of modern data breaches. Incomplete solutions can be trivially bypassed due to poor application security posture," he stated.

Adding to the discourse, Nitin Sonawane, Chief Product Officer and Co-founder of Zilla Security, highlighted an uptick in cyber threat activity targeting Snowflake accounts. Notably, the breach at Ticketmaster resulted in the leakage of data from 560 million customers. Sonawane pointed out vulnerabilities related to accounts not protected by multi-factor authentication (MFA). He advised enabling SSO and MFA for all Snowflake accounts and ensuring account passwords are removed as per Snowflake's documentation.

Sonawane recommended identifying any Snowflake accounts created outside the enterprise Identity Platform with a static password, and scanning the environment for compromised activity using Snowflake's suggested queries.

As these incidents continue to unfold, cybersecurity experts underscore the necessity for businesses to bolster their security measures, integrate comprehensive SSPM solutions, and ensure strict adherence to secure authentication protocols. In the meantime, customers are advised to remain cautious and follow guidance from the involved organisations.
