The Rubik Cube Turns 50
© Akos Stiller for The New York Times
© Akos Stiller for The New York Times
Last week on Malwarebytes Labs:
Last week on ThreatDown:
Stay safe!
Our business solutions remove all remnants of ransomware and prevent you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.
The cybercriminal acting under the name “Sp1d3r” gave away the first 1 million records that are part of the data set that they claimed to have stolen from Ticketmaster/Live Nation. The files were released without a price, for free.
When Malwarebytes Labs first learned about this data breach, it happened to be the first major event that was shared on the resurrected BreachForums, and someone acting under the handle “ShinyHunters” offered the full details (name, address, email, phone) of 560 million customers for sale.
The same data set was offered for sale in an almost identical post on another forum by someone using the handle “SpidermanData.” This could be the same person or a member of the ShinyHunters group.
Following this event, Malwarebytes Labs advised readers on how to respond and stay safe. Importantly, even when a breach isn’t a “breach”—in that immediate moment when the details have yet to be confirmed and a breach subject is readying its public statements—the very news of the suspected breach can be used by advantageous cybercriminals as a phishing lure.
Later, Ticketmaster confirmed the data breach.
Bleeping Computer spoke to ShinyHunters who said they already had interested buyers. Now, Sp1d3r, who was seen posting earlier about Advance Auto Parts customer data and Truist Bank data, has released 1 million Ticketmaster related data records for free.
In a post on BreachForums, Sp1d3r said:
“Ticketmaster will not respond to request to buy data from us.
They care not for the privacy of 680 million customers, so give you the first 1 million users free.”
The cybercriminals that are active on those forums will jump at the occasion and undoubtedly try to monetize those records. This likely means that innocent users that are included in the first million released records could receive a heavy volume of spam and phishing emails in the coming days.
Protecting yourself after a data breach
There are some actions you can take if you are, or suspect you may have been, the victim of a data breach.
Check your exposure
While matters are still unclear how much information was involved, it’s likely you’ve had other personal information exposed online in previous data breaches. You can check what personal information of yours has been exposed with our Digital Footprint portal. Just enter your email address (it’s best to submit the one you most frequently use) to our free Digital Footprint scan and we’ll give you a report.
We don’t just report on threats – we help safeguard your entire digital identity
Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.
Enlarge (credit: Ric Tapia via Getty)
Hackers who stole terabytes of data from Ticketmaster and other customers of the cloud storage firm Snowflake claim they obtained access to some of the Snowflake accounts by first breaching a Belarusian-founded contractor that works with those customers.
About 165 customer accounts were potentially affected in the recent hacking campaign targeting Snowflake’s customers, but only a few of these have been identified so far. In addition to Ticketmaster, the banking firm Santander has also acknowledged that their data was stolen but declined to identify the account from which it was stolen. Wired, however, has independently confirmed that it was a Snowflake account; the stolen data included bank account details for 30 million customers, including 6 million account numbers and balances, 28 million credit card numbers, and human resources information about staff, according to a post published by the hackers. Lending Tree and Advance Auto Parts have also said they might be victims as well.
Snowflake has not revealed details about how the hackers accessed the accounts, saying only that the intruders did not directly breach Snowflake’s network. This week, Google-owned security firm Mandiant, one of the companies engaged by Snowflake to investigate the breaches, revealed in a blog post that in some cases the hackers first obtained access through third-party contractors, without identifying the contractors or stating how this access aided the hackers in breaching the Snowflake accounts.
Not our fault, says CISO: “UNC5537” breached at least 165 Snowflake instances, including Ticketmaster, LendingTree and, allegedly, Advance Auto Parts.
The post Ticketmaster is Tip of Iceberg: 165+ Snowflake Customers Hacked appeared first on Security Boulevard.
In episode 333 of the Shared Security Podcast, Tom and Scott discuss a recent massive data breach at Ticketmaster involving the data of 560 million customers, the blame game between Ticketmaster and third-party provider Snowflake, and the implications for both companies. Additionally, they discuss Live Nation’s ongoing monopoly investigation. In the ‘Aware Much’ segment, the […]
The post Ticketmaster Data Breach and Rising Work from Home Scams appeared first on Shared Security Podcast.
The post Ticketmaster Data Breach and Rising Work from Home Scams appeared first on Security Boulevard.
Snowflake, Inc. says NO, threatening legal action against those who say it was. But reports are coming in of several more massive leaks from other Snowflake customers.
The post Was the Ticketmaster Leak Snowflake’s Fault? appeared first on Security Boulevard.
Ticketmaster and other organizations have been affected by a data breach at cloud AI data platform Snowflake.
The post Snowflake Data Breach Impacts Ticketmaster, Other Organizations appeared first on SecurityWeek.
Last week on Malwarebytes Labs:
Last week on ThreatDown:
Stay safe!
Our business solutions remove all remnants of ransomware and prevent you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.
Live Nation Entertainment has confirmed what everyone has been speculating on for the last week: Ticketmaster has suffered a data breach.
In a filing with the SEC, Live Nation said on May 20th it identified “unauthorized activity within a third-party cloud database environment containing Company data (primarily from its Ticketmaster L.L.C. subsidiary)” and launched an investigation.
The third party it refers to is likely Snowflake, a cloud company used by thousands of companies to store, manage, and analyze large volumes of data. Yesterday, May 31st, Snowflake said it had “recently observed and are investigating an increase in cyber threat activity” targeting some of its customers’ accounts. It didn’t mention which customers.
In the SEC filing, Live Nation also said:
On May 27, 2024, a criminal threat actor offered what it alleged to be Company user data for sale via the dark web. We are working to mitigate risk to our users and the Company, and have notified and are cooperating with law enforcement. As appropriate, we are also notifying regulatory authorities and users with respect to unauthorized access to personal information.
The user data likely refers to the sales ad for 560 million customers’ data that was posted online earlier this week by a group calling themselves ShinyHunters. The data was advertised for $500,000 and says it includes customer names, addresses, emails, credit card details, order information, and more.
Bleeping Computer says it spoke to ShinyHunters who said they already had interested buyers, and believed one of the buyers that approached them was Ticketmaster itself.
Ticketmaster says it has begun notifying its users of the breach. We are likely to hear more in the coming days, and will update you as we do.
For now, Ticketmaster users should keep an eye on their credit and bank accounts for an unauthorized transactions and follow our general data breach tips below.
There are some actions you can take if you are, or suspect you may have been, the victim of a data breach.
While the Ticketmaster data is yet to be published in full, it’s likely you’ve had other personal information exposed online in previous data breaches. You can check what personal information of yours has been exposed with our Digital Footprint portal. Just enter your email address (it’s best to submit the one you most frequently use) to our free Digital Footprint scan and we’ll give you a report.
The ShinyHunters hacking group has claimed the theft of 560 million Ticketmaster users’ data on a fresh BreachForums portal.
The post Hackers Boast Ticketmaster Breach on Relaunched BreachForums appeared first on SecurityWeek.
Earlier this week, a cybercriminal group posted an alleged database up for sale online which, it says, contains customer and card details of 560 million Live Nation/Ticketmaster users.
The data was offered for sale on one forum under the name “Shiny Hunters”. ShinyHunters is the online handle for a group of notorious cybercriminals associated with numerous data breaches, including the recent AT&T breach.
The post says:
“Live Nation / Ticketmaster
Data includes
560 million customer full details (name, address, email, phone)
Ticket sales, event information, order details
CC detail – customer last 4 of card, expiration date
Customer fraud details
Much more
Price is $500k USD. One time sale.”
The same data set was offered for sale in an almost identical post on another forum by someone using the handle SpidermanData. This could be the same person or a member of the ShinyHunters group.
According to news outlet ABC, the Australian Department of Home Affairs said it is aware of a cyber incident impacting Ticketmaster customers and is “working with Ticketmaster to understand the incident.”
Some researchers expressed their doubts about the validity of the data set:
— CyberKnow (@Cyberknow20) May 29, 2024
Thoughts on the alleged Ticketmaster Data Breach
TLDR: Alert not Alarmed
The Ticketmaster data breach claim has provided BreachForums with the quick attention they need to boost their user numbers and reputation.
The claim has possibly been over-stated to boost… pic.twitter.com/WJsFkBfQbw
While others judged it looks legitimate based on conversations with involved individuals, and studying samples of the data set:
Today we spoke with multiple individuals privy to and involved in the alleged TicketMaster breach.
— vx-underground (@vxunderground) May 30, 2024
Sometime in April an unidentified Threat Group was able to get access to TicketMaster AWS instances by pivoting from a Managed Service Provider. The TicketMaster breach was not…
Whether or not the data is real remains to be seen. However, there’s no doubt that scammers will use this opportunity to make a quick profit.
Ticketmaster users will need to be on their guard. Read our tips below for some helpful advice on what to do in the event of a data breach.
You can also check what personal information of yours has already been exposed online with our Digital Footprint portal. Just enter your email address (it’s best to submit the one you most frequently use) to our free Digital Footprint scan and we’ll give you a report.
All parties involved have refrained from any further comments. We’ll keep you posted.
There are some actions you can take if you are, or suspect you may have been, the victim of a data breach.
We don’t just report on threats – we help safeguard your entire digital identity
Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.
Notorious data leak site BreachForums appears to be back online after it was seized by law enforcement a few weeks ago.
At least one of BreachForums domains and its dark web site are live again. However, questions have been raised over whether it is a genuine attempt to revive the forums once again or set up as a lure by law enforcement to entrap more data dealers and cybercriminals.
The administrator of the new forum posts under the handle ShinyHunters, which is a name associated with the AT&T breach and others, and believed to be the main administrator of the previous BreachForums.
Yesterday, ShinyHunters posted a new dataset for sale that allegedly stems from Live Nation/Ticketmaster.
“Live Nation / Ticketmaster
Data includes
560 million customer full details (name, address, email, phone)
Ticket sales, event information, order details
CC detail – customer last 4 of card, expiration date
Customer fraud details
Much more
Price is $500k USD. One time sale.”
But, an avatar and a handle are easily copied, and there are a few things that raised our spidey-senses that something is up.
First, the data set was offered for sale on another dark web forum by a user going by SpidermanData with the exact same text.
Second, this data set seems way too big for its nature. Live Nation and Ticketmaster are big enough to be considered a monopolist, but 560 million users seems like a stretch.
After looking at the shared evidence, security researcher CyberKnow tweeted:
“While there is some new data in the shared evidence there is also old customer information, making it possibly this is a series of data jammed together.”
Third, a new feature is that visitors need to register before they can see any content. Why would the administrators change that?
And, last but not least, would the FBI let the cybercriminals regain control over the domains that easily? That would be quite embarrassing.
So, we dare conclude that this dataset’s goal is to generate some attention and act as a lure to let old forum users know that BreachForums is alive and kicking. But who is running the show, is the question that we hope to answer soon.
Stay tuned for updates on this developing story.
There are some actions you can take if you are, or suspect you may have been, the victim of a data breach.
Our Digital Footprint portal allows you to quickly and easily check if your personal information has been exposed online. Just enter your email address (it’s best to submit the one you most frequently use) to our free Digital Footprint scan and we’ll give you a report.
We don’t just report on threats – we help safeguard your entire digital identity
Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.
© Mike Blake/Reuters
© Jutharat Pinyodoonyachet for The New York Times
© Jutharat Pinyodoonyachet for The New York Times
© Jutharat Pinyodoonyachet for The New York Times