Snowflake says it’s not to blame for Ticketmaster hack

  • Ticketmaster said it became aware of a hack after spotting suspicious activity in a third-party cloud database
  • Some pointed the finger at Snowflake, which clapped back with preliminary findings from an investigation
  • Snowflake encouraged customers to beef up their security protocols anyway

Cloud storage company Snowflake is taking a hard look in the mirror in the wake of a massive Ticketmaster hack that potentially compromised the data of more than half a billion customers.

Ticketmaster’s parent company Live Nation stated in a regulatory filing last week that it first noticed “unauthorized activity within a third-party cloud database environment containing Company data” on May 20. A week later, it said hackers were offering alleged Ticketmaster data for sale on the dark web.

Its vague comments about a third-party cloud provider led some to point the finger at cloud storage and database company Snowflake. But Snowflake rejected that assertion.

Brad Jones, Snowflake’s CISO, stated in a blog post that while its investigation (conducted with Mandiant and CrowdStrike) “did find evidence that a threat actor obtained personal credentials to and accessed demo accounts belonging to a former Snowflake employee,” that demo account did not contain any sensitive data. Further, he pointed out that the company’s demo accounts “are not connected to Snowflake’s production or corporate systems.”

Its preliminary investigation did find evidence of a targeted threat campaign aimed at “users with single-factor authentication,” and the company warned “threat actors have leveraged credentials previously purchased or obtained through info-stealing malware.”

But Snowflake has yet to find evidence that this activity was caused by compromised employee credentials or by some “vulnerability, misconfiguration or breach of Snowflake’s platform,” Jones said.

Jones urged customers to enforce multi-factor authentication on all accounts and to configure their network policy rules to allow authorized users only.

The timing of the news isn't great for Snowflake, which is kicking off its Data Cloud Summit Monday in San Francisco. We’ll be tuning in to the keynote as well as speaking with some executives around the event, so stay tuned for more updates on this and other Snowflake developments.