Snowflake Denies Responsibility for Ticketmaster, Live Nation Data Breach

Snowflake, a cloud data platform company, has refuted claims that it was responsible for the recent data breach affecting over 500 million Ticketmaster users. This comes after Ticketmaster initially suggested that a security weakness in a third-party cloud database environment was the cause of the breach.

In a forum post on June 2, Snowflake representatives stated that preliminary investigations conducted by cybersecurity firms CrowdStrike and Mandiant found no evidence that the breach was caused by a vulnerability, misconfiguration, or compromise of Snowflake's platform.

Instead, the findings suggest that the incident was a targeted credential stuffing attack, where threat actors leveraged previously obtained credentials from users with single-factor authentication enabled.

"We have not identified evidence suggesting this activity was caused by compromised credentials of current or former Snowflake personnel," the announcement stated. "This appears to be a targeted campaign directed at users with single-factor authentication; as part of this campaign, threat actors have leveraged credentials previously purchased or obtained through info-stealing malware."

While the investigators did find that one of the compromised accounts belonged to a former Snowflake employee, the company clarified that it was a demo account not connected to Snowflake's production or corporate systems, and therefore did not contain sensitive data or grant access to such information.

"Demo accounts are not connected to Snowflake's production or corporate systems," the announcement explained. "The access was possible because the demo account was not behind Okta or Multi-Factor Authentication (MFA), unlike Snowflake's corporate and production systems."

Ticketmaster had initially filed a data breach form with the SEC, stating that it had "identified unauthorized activity within a third-party cloud database environment containing company data," which an unnamed spokesperson later attributed to Snowflake.

The contrasting statements highlight the ongoing investigation and differing perspectives on the source of the breach, which exposed sensitive information of over 500 million Ticketmaster users.

As cybersecurity firms continue their investigations, the incident underscores the importance of robust authentication measures and the need for thorough assessments to identify and address potential vulnerabilities in third-party systems and cloud environments.

The GRC Report is your premier destination for the latest in governance, risk, and compliance news. As your reliable source for comprehensive coverage, we ensure you stay informed and ready to navigate the dynamic landscape of GRC. Beyond being a news source, the GRC Report represents a thriving community of professionals who, like you, are dedicated to GRC excellence. Explore our insightful articles and breaking news, and actively participate in the conversation to enhance your GRC journey.