A massive data breach at cloud storage firm Snowflake has exposed 560 million Ticketmaster accounts, with hackers detailing how they exploited vulnerabilities through a third-party contractor.

The breach, which affected 165 Snowflake customers including Santander, Lending Tree, and Advance Auto Parts, originated from a compromised EPAM Systems employee account. EPAM is a major software engineering firm with $4.8 billion in revenue that manages Snowflake data storage solutions for various clients.

The hacker group ShinyHunters executed the breach through a spear-phishing attack on an EPAM employee in Ukraine. After infecting the employee's computer with malware, they gained access to unencrypted credentials used to manage customer Snowflake accounts, including Ticketmaster's data.

The attack was particularly successful because Snowflake accounts lacked multi-factor authentication requirements. While EPAM disputes their role in the breach, Live Nation (Ticketmaster's parent company) confirmed the data theft from their Snowflake account in May 2024.

ShinyHunters, named after the Pokemon gaming franchise, has been active since 2020 and is responsible for numerous high-profile breaches, including:

• Microsoft
• AT&T
• PlutoTV
• Animal Jam
• Mashable
• Mathway
• Santander
• Wattpad

The compromised database, now being sold on dark web forums, reportedly contains 560 million Ticketmaster customer accounts.

Related Articles

Previous Articles