Ticketmaster’s parent company, Live Nation, has acknowledged a breach of the Snowflake cloud database environment but hasn’t said if any South African customers’ data was compromised.
Many large firms, including Live Nation, store and monetise their data on Snowflake servers. On Wednesday, 29 May 2024, hacking group ShinyHunters claimed responsibility for the attack and posted an advert for the data on the dark web.
MyBroadband asked Live Nation if the breach had compromised the data of any of its South African customers.
However, it declined to reveal that information, only saying it would directly inform users if their personal data had been compromised.
“Live Nation launched an investigation with industry-leading forensic investigators to understand what happened,” it said.
“We are working to mitigate risk to our users and the company, and have notified and are cooperating with law enforcement.”
“As appropriate, we are also notifying regulatory authorities and users with respect to unauthorised access to personal information.”
It added that, as of 5 June 2024, the incident had not had any material impact on Live Nation’s business operations or financial position.
“We continue to evaluate the risks and our remediation efforts are ongoing,” it said.
ShinyHunters claims that its data archive includes the names, addresses, phone numbers, and partial credit card details of Ticketmaster customers worldwide.
It is demanding a ransom of $500,000 (R9.2 million), or it will start selling the data to other parties.
The attack wasn’t directly on Ticketmaster or Live Nation but on Snowflake — a cloud-computing firm through which Live Nation stores its data.
As a result, other large firms will likely soon reveal that they have had data stolen.
Snowflake initially denied that it had suffered a widescale breach.
Chief information security officer Brad Jones said the cloud-computing firm is investigating an uptick in cybercriminals targeting its customers.
While attackers had only targeted a limited number of accounts, they secured login credentials to Snowflake’s systems.
He said investigations had also revealed that an unauthorised party accessed a former staff member’s test account.
“We have no evidence suggesting this activity was caused by any vulnerability, misconfiguration, or breach of Snowflake’s product,” said Jones.
However, HaveIBeenPwned founder and security researcher Troy Hunt said this isn’t true.
He said Snowflake had suffered a shockingly bad security compromise, which resulted in various data breaches in different locations.
Live Nation isn’t the only major company that had data stolen by the ShinyHunters group.
Banking firm Santander said it also suffered a data breach, with its stolen data being advertised on the dark web.
The data breach came at a busy time for Ticketmaster. The platform is used widely in South Africa, and it recently announced a ticket ballot system for tickets to see the Springboks take on New Zealand in Cape Town in September.
It launched the ballot system to ensure South Africans get equal opportunity to buy tickets, mitigate scalping, and reduce customer frustration.
This is because it expects a large influx of users logging onto its system when ticket sales for the rugby match go live.
“A ticket ballot is used by many sporting bodies across the world and is the fairest way of giving people a chance to purchase tickets,” said Ticketmaster
“This system will also reduce the number of frustrated customers stuck in the queue for what will be a high-demand event.”
Those interested were required to register their interest by 9 June 2024, and Ticketmaster emphasised that registering interest doesn’t automatically secure tickets.
“Successful applicants randomly selected from the draw will be invited to purchase up to four tickets per customer on a first-come, first-served basis,” it said.