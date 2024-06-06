In less than a month, both Ticketmaster and Santander Bank have announced data breaches that compromised the information of millions of customers.

In a government filing, Live Nation, which owns Ticketmaster, said that in May it realized that customer data had been accessed through a third-party cloud database provider–now believed to be a company called Snowflake–and was being advertised on the dark web, which includes the online forums where hackers post and sell stolen information. A group called ShinyHunters claimed responsibility for the breach and is reportedly selling the data for $500,000.

Also in May, Spanish bank Santander said that customer and employee information had been stolen in a similar manner. ShinyHunters again claimed responsibility for that attack and reportedly posted for sale bank account details of 30 million customers and other information. According to analysis and reporting by TechCrunch, the breaches appear to have happened through Snowflake, a cloud-services provider used by many large and small businesses to store and analyze proprietary information. On a website selling stolen credentials, TechCrunch found more than 500 usernames and passwords said to be from employees of companies that use Snowflake, which is far more than initial reports suggested.

In a notice, Snowflake said it was investigating “a targeted threat campaign against some Snowflake customer accounts.” The Bozeman, Montana-based company said that the breach was not caused by a vulnerability or error on its part. Instead, Snowflake said the targeted customer accounts did not have multifactor authentication turned on, and the hackers “leveraged credentials previously purchased or obtained through infostealing malware.”