Snowflake says it wasn’t to blame for Ticketmaster breach — and its security pals agree

Mandiant and Crowdstrike are backing Snowflake up on this one

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Snowflake has claimed it isn’t to blame for themajor data breach that hit Ticketmaster, despite the company blaming it for security weaknesses.

Earlier this week, the ticket sales and distribution company reported a data breach in which sensitive information on more than 500 million users were allegedly stolen.

Filing a data breach form with the SEC, Ticketmaster said that it “identified unauthorized activity within a third-party cloud database environment containing company data" - which an unnamed spokespersonlater said related to Snowflake.

No evidence

No evidence

Now, that company is denying these claims, and has brought two cybersecurity companies to back them up.

In aforum threadposted on June 2, Snowflake representatives said an preliminary investigation, conducted by both CrowdStrike and Mandiant, suggested this was a credential stuffing attack, and not a system vulnerability being exploited:

“Our key preliminary findings identified to date:

we have not identified evidence suggesting this activity was caused by a vulnerability, misconfiguration, or breach of Snowflake’s platform;

Are you a pro? Subscribe to our newsletter

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

we have not identified evidence suggesting this activity was caused by compromised credentials of current or former Snowflake personnel;

this appears to be a targeted campaign directed at users with single-factor authentication;

as part of this campaign, threat actors have leveraged credentials previously purchased or obtained through infostealing malware,” the announcement reads.

However, the researchers did find that one of the compromised accounts belonged to a former Snowflake employee. This was a demo account, and as such, did not contain sensitive data, or was able to grant access to such data.

“Demo accounts are not connected to Snowflake’s production or corporate systems,” the announcement concluded. “The access was possible because the demo account was not behind Okta or Multi-Factor Authentication (MFA), unlike Snowflake’s corporate and production systems.”

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Cisco issues patch to fix serious flaw allowing possible industrial systems takeover

Washington state court systems taken offline following cyberattack

Google TV will require more RAM for future upgrades – which might leave older TVs and streaming boxes behind