
Snowflake Says There's No Evidence Attackers Breached Its Platform To Hack Ticketmaster

An anonymous reader shares a report: A Ticketmaster data breach that allegedly includes details for 560 million accounts and another one affecting Santander have been linked to their accounts at Snowflake, a cloud storage provider. However, Snowflake says there's no evidence its platform is at fault. A joint statement to that effect made last night with CrowdStrike and Mandiant, two third-party security companies investigating the incident, lends additional credibility to the claim.

Also, an earlier third-party report saying bad actors generated session tokens and may have compromised "hundreds" of Snowflake accounts has now been removed. Hudson Rock, the security firm behind that report, posted a statement of its own today on LinkedIn: "In accordance to a letter we received from Snowflake's legal counsel, we have decided to take down all content related to our report." A post from Snowflake says, "To date, we do not believe this activity is caused by any vulnerability, misconfiguration, or malicious activity within the Snowflake product. Throughout the course of our ongoing investigation, we have promptly informed the limited number of customers who we believe may have been impacted."
  • I thought the report said that it was compromised credentials of an employee that were used to access the data? Like a phishing campaign or social engineering type of attack started this. So vulns or flaws in their software or platform sounds like a red herring. If that was it, they could be now trying to divert attention away from where they may have failed (no MFA(?); poor sec. awareness training; poor monitoring/detection) to somewhere they have not (app sec).
  • by PubJeezy ( 10299395 ) on Tuesday June 04, 2024 @10:51AM (#64522291)
    Let me tell ya a story...

    Imagine you're running a platform. That platform is designed to connect the entire world of entertainment. You know you're building up a massive trove of data on every single aspect of the entertainment industry. And billing information for almost every music fan in the entire country. You know that this is a massively valuable asset and have been planning to monetize it for a while now. After all, we're in the information age, everyone is monetizing data!

    Now imagine folks in government actually start to regulate data brokering making it harder and harder to monetize this "data asset" you've been talking up for years. What if the same way that Google and Facebook monetized all their user data (up to about 2015) is no longer legal? You'd have to come up with more clever ways to get that data to 3rd parties that can actually monetize it. Okay, we'll figure that out later.

    And then the feds swoop in. This wasn't unexpected. But you know how it ends. You will settle the lawsuit but part of it will include opening up your books and quite possibly placing a few government auditors within your business to monitor your day to day actions. Crap. Now how are you going to monetize this data? Once you settle the DOJ lawsuit, your company will be paralyzed by regulatory surveillance. If only there was a way to get this data out of the company before that deal is signed.


    And back to reality:
    Personally, I think some of these high-profile breaches at companies with a history of non-compliance are inside jobs. Between law enforcement and regulations, creepily monetizing user data has become harder and harder. While at the same time, data breaches are becoming more and more prevalent.

    Snowflake was doing their security and they weren't breached. That could mean that it wasn't a break-in, they were let in.

    I believe some data breaches are a means of covering up illegal data exfiltration. And I think this is one of 'em.
    • by Slayer ( 6656 )

      I could imagine such a line of reasoning with Ticketmaster, but to be honest not with Santander. A large bank has so much more to lose in a data breach, and this includes not just the data itself, but also the bank's reputation as a safe haven for client funds. Had this been Ticketmaster and AirBnB, then I'd believe every word you write.

      So we are most likely back to "never attribute to malice what you can also attribute to incompetence". The main question remains, whether that incompetence affected two very

      • Let me tell you a story about a man who owns a bank:

        He made a bunch of money in the 80's and he ended up managing a banking charter and it was a license to print money for years. But margins kept getting slimmer. Regulations kept shrinking his profit margins and limiting the money he could accept.

        This bank has been his life for decades. It's all he has. It's all he is. And it's just not making any money. So he cuts a corner. Takes some money he shouldn't. And it works. His bank will live.

        He can be legit
        • by Slayer ( 6656 )

          Yes, this may all happen to a small bank, but Santander is huge. They will do some crooked things, pay some fines, and in the end make a profit, that's the normal way of doing business for large banks. They will, however, not leak massive amounts of data just to arrest a few bad folks. All that data in the wrong hands can cause a lot more trouble than all the bad folks they may now have plausible deniability for.

          Look at banks from the other side: they're pathologically addicted to Microsoft's products throug

          • "But Santander is huge"

            Huh? They're not a particularly large bank and much larger banks have been found guilty of money laundering for international cartels.

            HSBC seems to be about 20x the size of Santander and this happened: https://www.justice.gov/opa/pr... [justice.gov]

            I find your incredulity implausible.
  • ...is not evidence of absence!

  • Of course if an attacker is really good, they'll try very hard to never leave any evidence that they were there. That way their activities can never be traced back to them, and their intermediate victims, those like Snowflake through which they operate, should never become suspicious enough to harden their systems which might inconveniently keep the attacker out.
  • at least none that'll be made public

  • That's what everyone would say to defend their business. What we need is a CIRT team to perform an independent assessment of the situation.

  • Out of 560 million accounts there are bound to be at least a few hundred Gmail "plus addresses" in there, i.e.: username+yourshittybusinessordomainname@gmail.com
