Ticketmaster Data Breach Exposes Over 560 Million Accounts Due to Contractor Hack

By Marcus Bennett

December 7, 2024 at 11:11 PM

Hackers have detailed their process of breaching Ticketmaster and other Snowflake customers, revealing how a single compromise of a Belarusian contractor led to massive data theft affecting 560 million accounts.

Man wearing headphones using laptop

Photo Credit: Mikhail Fesenko

The breach impacted 165 Snowflake customers, including major companies like Santander, LendingTree, and Advance Auto Parts. The hacker group ShinyHunters, active since 2020, targeted EPAM Systems, a software engineering firm with $4.8 billion in revenue, using a sophisticated spear-phishing attack.

An EPAM employee in Ukraine fell victim to info-stealer malware, allowing hackers to install a trojan and access unencrypted credentials for customer Snowflake accounts. The breach was possible due to the absence of multi-factor authentication on Snowflake accounts.

The Attack Process:

  • Initial breach via spear-phishing attack on EPAM employee
  • Installation of trojan malware
  • Discovery of unencrypted Snowflake credentials
  • Access to multiple customer accounts including Ticketmaster
  • Data theft and sale on dark web forums

Live Nation, Ticketmaster's parent company, confirmed the data breach from their Snowflake account in May 2024. Hackers have released a preview database on dark web forums, claiming to have 560 million Ticketmaster customer accounts for sale.
