Update 6/1/24: Hudson Rock has taken down their report that a hacker breached Snowflake to steal the data, shedding doubt on the hacker’s claims.
Snowflake has claimed it isn't to blame for the major data breach that hit Ticketmaster, despite the company blaming it for security weaknesses.
Earlier this week, the ticket sales and distribution company reported a data breach in which sensitive information on more than 500 million users were allegedly stolen.
Filing a data breach form with the SEC, Ticketmaster said that it “identified unauthorized activity within a third-party cloud database environment containing company data" - which an unnamed spokesperson later said related to Snowflake.
No evidence
Now, that company is denying these claims, and has brought two cybersecurity companies to back them up.
In a forum thread posted on June 2, Snowflake representatives said an preliminary investigation, conducted by both CrowdStrike and Mandiant, suggested this was a credential stuffing attack, and not a system vulnerability being exploited:
“Our key preliminary findings identified to date:
- we have not identified evidence suggesting this activity was caused by a vulnerability, misconfiguration, or breach of Snowflake’s platform;
- we have not identified evidence suggesting this activity was caused by compromised credentials of current or former Snowflake personnel;
- this appears to be a targeted campaign directed at users with single-factor authentication;
- as part of this campaign, threat actors have leveraged credentials previously purchased or obtained through infostealing malware,” the announcement reads.
“Demo accounts are not connected to Snowflake’s production or corporate systems,” the announcement concluded.
No comments:
Post a Comment