Ticketmaster’s multi-million customer data breach might not be the only major hack this week, as reports Friday indicated that at least one major bank and seven other companies could have been affected.
All of the impacted brands a hacker claims to have accessed appear to have been using a cloud storage platform called Snowflake. The list of companies using Snowflake include Santander, State Farm and Anheuser-Busch.
The news of the alleged hack first appeared on Wednesday, with the data of around 560 million Ticketmaster customers reportedly breached and up for sale online. The company is still yet to respond to a request for comment from Newsweek.
Cybercrime intelligence solutions company Hudson Rock says it has spoken to the so-called threat actor in this case, who reportedly said the information of Santander customers was also up for sale.
Getty Images
Which companies have been breached?
It has been widely reported that Ticketmaster has experienced a large data breach, with around 1.3 terabytes of data up for sale online for around $500,000.
Other companies the threat actor reportedly said he gained access to in the breach include:
- Advance Auto Parts
- Allstate
- Anheuser-Busch
- Mitsubishi
- Neiman Marcus
- Progressive
- Santander
- State Farm
The threat actor spoken to by Hudson Rock claimed the number of companies affected may actually be a far greater number.
Who is behind the hacking?
While the identity of those involved in the hack remains a mystery, the group selling the data was named as ShinyHunters, a group with a history of data breaches.
Its last reported data breach came with 200,000 Pizza Hut customers seeing their information compromised in September 2023.
The person who spoke with Hudson Rock said that there was one source for the hack affecting all the mentioned companies: a cloud storage company called Snowflake.
They reportedly used a Snowflake employee’s account using stolen credentials, before generating multiple tokens to extract large amounts of stored data.
What has Snowflake said?
On Friday, Snowflake addressed the reports, stating that it was aware of the issue, which it was made aware of on May 23. The breach stretches back into mid-April the company said.
“Snowflake recently observed and is investigating an increase in cyber threat activity targeting some of our customers’ accounts,” the company said in a statement. “We believe this is the result of ongoing industry-wide, identity-based attacks with the intent to obtain customer data.
“Research indicates that these types of attacks are performed with our customers’ user credentials that were exposed through unrelated cyber threat activity.”
The company added that there was no evidence that there was any vulnerability in its systems, despite the method by which data was reportedly taken.
What are the affected companies saying?
Ric Tapia/Getty
Newsweek asked all the companies mentioned above for comment on the alleged hacking on Friday afternoon.
Ticketmaster is yet to respond to multiple requests, first made Wednesday.
Mitsubishi US told Newsweek it was not aware of any issues and that it could be affecting another part of the brand.
Santander is yet to respond to a request for comment from Newsweek, but the company said earlier this month that it was aware of the issue.
“We immediately implemented measures to contain the incident, including blocking the compromised access to the database and establishing additional fraud prevention controls to protect affected customers,” Santander said on May 14.
“Following an investigation, we have now confirmed that certain information relating to customers of Santander Chile, Spain and Uruguay, as well as all current and some former Santander employees of the group had been accessed.”
No transaction data had been accessed, the bank added.
Newsweek will update this story as and when other companies respond to requests for comment.
What should customers do?
Speaking with Newsweek on Thursday, cyber security expert at Bridgewater State University Michelle Stanfield said it was important for all customers to perform some cyber hygiene, even if it is unconfirmed they have been targeted.
She encouraged everyone to regularly change passwords and to use credit protection tools through websites such as Experian and TransUnion.
In its update, Snowflake urged its customers to review their log-in credentials and to make sure they are using multi-factor authentication to access accounts.
Uncommon Knowledge
Newsweek is committed to challenging conventional wisdom and finding connections in the search for common ground.
Newsweek is committed to challenging conventional wisdom and finding connections in the search for common ground.
