Subj : Snowflake says it wasn't to blame for Ticketmaster breach  and it
To   : All
From : TechnologyDaily
Date : Tue Jun 04 2024 10:45:05

Snowflake says it wasn't to blame for Ticketmaster breach  and its security 
pals agree

Date:
Tue, 04 Jun 2024 09:42:10 +0000

Description:
Snowflake says it suffered a credential stuffing attack, but nothing more, so 
it wasn't to blame for Ticketmaster incident.

FULL STORY
======================================================================

Snowflake has claimed it isn't to blame for the major data breach that hit 
Ticketmaster , despite the company blaming it for security weaknesses. 

Earlier this week, the ticket sales and distribution company reported a data 
breach in which sensitive information on more than 500 million users were 
allegedly stolen. 

Filing a data breach form with the SEC, Ticketmaster said that it identified 
unauthorized activity within a third-party cloud database environment 
containing company data" - which an unnamed spokesperson later said related 
to Snowflake . No evidence 

Now, that company is denying these claims, and has brought two cybersecurity 
companies to back them up. 

In a forum thread posted on June 2, Snowflake representatives said an 
preliminary investigation, conducted by both CrowdStrike and Mandiant, 
suggested this was a credential stuffing attack, and not a system 
vulnerability being exploited: 

Our key preliminary findings identified to date: 

we have not identified evidence suggesting this activity was caused by a 
vulnerability, misconfiguration, or breach of Snowflakes platform; 

we have not identified evidence suggesting this activity was caused by 
compromised credentials of current or former Snowflake personnel; 

this appears to be a targeted campaign directed at users with single-factor 
authentication; 

as part of this campaign, threat actors have leveraged credentials previously 
purchased or obtained through infostealing malware, the announcement reads. 

However, the researchers did find that one of the compromised accounts 
belonged to a former Snowflake employee. This was a demo account, and as 
such, did not contain sensitive data, or was able to grant access to such 
data. 

Demo accounts are not connected to Snowflakes production or corporate 
systems, the announcement concluded. The access was possible because the demo 
account was not behind Okta or Multi-Factor Authentication (MFA), unlike 
Snowflakes corporate and production systems. More from TechRadar Pro Hugging 
Face reveals "unauthorized access" to AI model hosting platform Here's a list 
of the best firewalls today These are the best endpoint protection tools 
right now



======================================================================
Link to news story:
https://www.techradar.com/pro/security/snowflake-says-it-wasnt-to-blame-for-ti
cketmaster-breach-and-its-security-pals-agree


--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)

.