Not our fault, says CISO: “UNC5537” breached at least 165 Snowflake instances, including Ticketmaster, LendingTree and, allegedly, Advance Auto Parts.
Cloud storage provider Snowflake said that accounts belonging to multiple customers have been hacked after threat actors obtained credentials through info-stealing malware or by purchasing them on online crime forums.
Ticketmaster parent Live Nation—which disclosed Friday that hackers gained access to data it stored through an unnamed third-party provider—told TechCrunch the provider was Snowflake. The live-event ticket broker said it identified the hack on May 20, and a week later, a “criminal threat actor offered what it alleged to be Company user data for sale via the dark web.”
Ticketmaster is one of six Snowflake customers to be hit in the hacking campaign, said independent security researcher Kevin Beaumont, citing conversations with people inside the affected companies. Australia’s Signal Directorate said Saturday it knew of “successful compromises of several companies utilizing Snowflake environments.” Researchers with security firm Hudson Rock said in a now-deleted post that Santander, Spain’s biggest bank, was also hacked in the campaign. The researchers cited online text conversations with the threat actor. Last month, Santander disclosed a data breach affecting customers in Chile, Spain, and Uruguay.