Ripples of the Snowflake Breach

Ticketmaster and its parent corporation, Live Nation, are being particularly reticent on details surrounding a data breach against the live events giant.  Aside from the allegations that it is a breach of massive proportions, and that a third-party vendor’s cloud database was compromised, not much is known.  “On May 27, a criminal threat actor offered what it alleged to be company user data for sale via the dark web,” said Live Nation.  Beyond that, neither Live Nation nor Ticketmaster has responded to further questions.

On that same date, however, the dark web marketplace known as BreachForums saw a Ticketmaster customer dataset posted by an admin.  Included were 1.3 TB of data, comprising the personal and financial information of 560 million customers.  After a brief shutdown by law enforcement agencies, the site quickly came back online.

More reports since the incident indicate that the third party breached was Snowflake, a cloud provider with clients such as LendingTree, MasterCard, DoorDash and ExxonMobil.  Following a credential stuffing attack against Snowflake, bad actors were able to access Ticketmaster’s accounts with the provider.  Nor was Ticketmaster the sole firm hit by the aftershocks.  Cyber criminals last week announced their theft of over 3 TB of data from automotive company Advance Auto Parts, again through a vulnerable Snowflake account.  Included among the pilfered goods were sensitive company, client and employee data, plus a whopping 380 million customer profiles.

Snowflake has since claimed that it informed clients of bad actors targeting their accounts, and that these customers’ use of single-factor authentication put them in the crosshairs of cybercrime campaigns.  This assignment of responsibility raises the question, however, of why Snowflake allowed its customers to use the single-factor method.  Many are the avenues for cyber criminals to breach an organization’s data security, and lack of multi-factor authentication is a common one.  With only a password requirement for a login, it becomes easier for hackers to pull off invasive brute force schemes like credential stuffing.

Even with multi-factor measures in place, of course, it is still a distinct probability that some manner of data breach will strike at your organization.  As part of a broad, well-structured cyber defense strategy, data encryption keeps those who break through from stealing your sensitive data.  NetLib Security’s Encryptionizer solution provides transparent, out-of-the-box encryption for stored data.  With no additional programming required, and minimal impact on system performance, Encryptionizer is there to make your data useless to intruders, even in the event that you have complementary authentication defenses in place.  Don’t be the next name to end up on BreachForums.


By: Jonathan Weicher, posted on June 11, 2024
Originally published at: https://www.netlibsecurity.com
Copyright: NetLib Security