Description

A hacker group known as ShinyHunters claims to have breached Ticketmaster’s systems and exfiltrated a staggering 1.3 terabytes of data belonging to approximately 560 million customers worldwide. Ticketmaster is an event ticket broker owned by the global entertainment company Live Nation. The compromised data included names, addresses, phone numbers, credit card information, and other payment details dating back to 2011. ShinyHunters is reportedly demanding a ransom of $500,000 for the stolen data.

In an SEC filing on May 31, 2024, Live Nation confirmed an unauthorized intrusion into its network on May 20. Investigations revealed that the threat actors gained access to the Ticketmaster network through Snowflake, a third-party cloud services provider that offers a fully managed data platform for securely storing, analyzing, and sharing data across multiple clouds and regions. This attack vector mirrors the recent breach at Santander, a Spanish bank, where employee credentials were compromised. Notably, over 500 usernames and passwords of employees from companies using Snowflake have been found on the dark web. Snowflake has notified customers that the breach was not due to a vulnerability in its platform but rather a failure to enable multi-factor authentication (MFA) on these accounts. In response to the data breach, a lawsuit was filed on May 29 by one of the affected victims against Ticketmaster and Live Nation.

Basis of the Case

The lawsuit was filed in the U.S. District Court for the Central District of California. In the suit, the Plaintiffs claim the data breach resulted from the Defendants’ failure to implement adequate cybersecurity measures. They assert the Defendants had a duty to safeguard this private information under case law, industry standards, and statutes like the Federal Trade Commission Act. As a result of the breach, Plaintiffs and Class Members claim to have suffered losses, including out-of-pocket expenses, emotional distress, and an increased risk of future harm due to the compromise of their private information.

Call to Action

As stated by Snowflake, enforcing multi-factor authentication (MFA) for all employee accounts accessing sensitive systems and data could have made it much harder for the attackers to gain initial access. Passwords are too easily compromised today: password-stealing tools are readily available on the dark web, credential stuffing attacks are all too common, and cybercriminals can even buy stolen credentials on the dark web. MFA adds an extra layer of security to the authentication process by requiring users to provide more than just a password, combining two or more independent factors to verify a user’s identity.

With so many networks being accessed through third-party vendors, companies must regularly assess the security posture of all their contracted vendors and service providers to confirm their adherence to strict security standards and best practices. They should then implement strict access controls, regular audits, and proper configuration of cloud storage and services to prevent unauthorized access. While data encryption would not have stopped the actual attack, it would have made the compromised data unreadable for the attackers.

For more guidance concerning authorization strategies and improving third-party risk management (TPRM), organizations should consider reviewing their security and risk posture.