* . *
  • About
  • Advertise
  • Privacy & Policy
  • Contact
Thursday, October 2, 2025
Earth-News
  • Home
  • Business
  • Entertainment
    Toni Braxton Is Turning Her Biggest Hits Into Lifetime Movies – Yahoo

    Toni Braxton Is Turning Her Biggest Hits Into Lifetime Movies – Yahoo

    Major airline to offer new in-flight entertainment options for passengers – PennLive.com

    Major airline to offer new in-flight entertainment options for passengers – PennLive.com

    Penn State-Themed Restaurant and Entertainment Spot Happy Valley Live Set to Open in State College – StateCollege.com

    Penn State-Themed Restaurant and Entertainment Spot Happy Valley Live Set to Open in State College – StateCollege.com

    The Police Made Chart History With This 1979 Hit Nearly 50 Years Ago – Yahoo

    How The Police Changed Music Forever with Their Iconic 1979 Hit Nearly 50 Years Ago

    Good Deed Entertainment Acquires Worldwide Rights To Liza Mandelup’s Documentary ‘Caterpillar’ – Deadline

    Good Deed Entertainment Lands Global Rights to Liza Mandelup’s Captivating Documentary ‘Caterpillar

    Danielle Fishel Explains Why Being on “DWTS” Makes Her Feel ‘Like It’s 1994 Again’ Filming “Boy Meets World” (Exclusive) – Yahoo

    Danielle Fishel Explains Why Being on “DWTS” Makes Her Feel ‘Like It’s 1994 Again’ Filming “Boy Meets World” (Exclusive) – Yahoo

  • General
  • Health
  • News

    Cracking the Code: Why China’s Economic Challenges Aren’t Shaking Markets, Unlike America’s” – Bloomberg

    Trump’s Narrow Window to Spread the Truth About Harris

    Trump’s Narrow Window to Spread the Truth About Harris

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Trending Tags

    • Trump Inauguration
    • United Stated
    • White House
    • Market Stories
    • Election Results
  • Science
  • Sports
  • Technology
    A Tech Expo Shows What China Can Make, but Not Who’ll Buy It All – The New York Times

    Inside China’s Tech Expo: Cutting-Edge Innovations Face Uncertain Demand

    Steampunk Metal Oval Technology Sense Sunglasses Personality Handmade Chain Multicolor Sunglasses UV400 – The San Joaquin Valley Sun

    Steampunk Metal Oval Sunglasses with Handmade Multicolor Chain – Bold UV400 Protection and Unique Style

    STELLA Automotive AI Appoints Fred Seidelman as Chief Technology Officer – Yahoo Finance

    STELLA Automotive AI Appoints Fred Seidelman as New Chief Technology Officer

    Saving Energy and Money with Smart Technology – Terms of Service with Clare Duffy – Podcast on CNN Podcasts – CNN

    Saving Energy and Money with Smart Technology – Terms of Service with Clare Duffy – Podcast on CNN Podcasts – CNN

    Four Strategic Signals Technology Leaders Are Tuning In To – SPONSOR CONTENT FROM ARM – Harvard Business Review

    Four Essential Strategic Signals Every Technology Leader Should Watch

    Virginia Tech hosts annual New Music + Technology Festival this week – Cardinal News

    Virginia Tech Kicks Off Exciting Annual New Music and Technology Festival This Week

    Trending Tags

    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • Mark Zuckerberg
No Result
View All Result
  • Home
  • Business
  • Entertainment
    Toni Braxton Is Turning Her Biggest Hits Into Lifetime Movies – Yahoo

    Toni Braxton Is Turning Her Biggest Hits Into Lifetime Movies – Yahoo

    Major airline to offer new in-flight entertainment options for passengers – PennLive.com

    Major airline to offer new in-flight entertainment options for passengers – PennLive.com

    Penn State-Themed Restaurant and Entertainment Spot Happy Valley Live Set to Open in State College – StateCollege.com

    Penn State-Themed Restaurant and Entertainment Spot Happy Valley Live Set to Open in State College – StateCollege.com

    The Police Made Chart History With This 1979 Hit Nearly 50 Years Ago – Yahoo

    How The Police Changed Music Forever with Their Iconic 1979 Hit Nearly 50 Years Ago

    Good Deed Entertainment Acquires Worldwide Rights To Liza Mandelup’s Documentary ‘Caterpillar’ – Deadline

    Good Deed Entertainment Lands Global Rights to Liza Mandelup’s Captivating Documentary ‘Caterpillar

    Danielle Fishel Explains Why Being on “DWTS” Makes Her Feel ‘Like It’s 1994 Again’ Filming “Boy Meets World” (Exclusive) – Yahoo

    Danielle Fishel Explains Why Being on “DWTS” Makes Her Feel ‘Like It’s 1994 Again’ Filming “Boy Meets World” (Exclusive) – Yahoo

  • General
  • Health
  • News

    Cracking the Code: Why China’s Economic Challenges Aren’t Shaking Markets, Unlike America’s” – Bloomberg

    Trump’s Narrow Window to Spread the Truth About Harris

    Trump’s Narrow Window to Spread the Truth About Harris

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Trending Tags

    • Trump Inauguration
    • United Stated
    • White House
    • Market Stories
    • Election Results
  • Science
  • Sports
  • Technology
    A Tech Expo Shows What China Can Make, but Not Who’ll Buy It All – The New York Times

    Inside China’s Tech Expo: Cutting-Edge Innovations Face Uncertain Demand

    Steampunk Metal Oval Technology Sense Sunglasses Personality Handmade Chain Multicolor Sunglasses UV400 – The San Joaquin Valley Sun

    Steampunk Metal Oval Sunglasses with Handmade Multicolor Chain – Bold UV400 Protection and Unique Style

    STELLA Automotive AI Appoints Fred Seidelman as Chief Technology Officer – Yahoo Finance

    STELLA Automotive AI Appoints Fred Seidelman as New Chief Technology Officer

    Saving Energy and Money with Smart Technology – Terms of Service with Clare Duffy – Podcast on CNN Podcasts – CNN

    Saving Energy and Money with Smart Technology – Terms of Service with Clare Duffy – Podcast on CNN Podcasts – CNN

    Four Strategic Signals Technology Leaders Are Tuning In To – SPONSOR CONTENT FROM ARM – Harvard Business Review

    Four Essential Strategic Signals Every Technology Leader Should Watch

    Virginia Tech hosts annual New Music + Technology Festival this week – Cardinal News

    Virginia Tech Kicks Off Exciting Annual New Music and Technology Festival This Week

    Trending Tags

    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • Mark Zuckerberg
No Result
View All Result
Earth-News
No Result
View All Result
Home Technology

Major breaches allegedly caused by unsecured Snowflake accounts

June 4, 2024
in Technology
Major breaches allegedly caused by unsecured Snowflake accounts
Share on FacebookShare on Twitter

Significant data breaches at Ticketmaster and Santander appear to have been orchestrated through careful targeting of the victims’ Snowflake cloud data management accounts


Alex Scroxton

By

Alex Scroxton,
Security Editor

Published: 03 Jun 2024 16:45

Significant data breaches at online ticketing platform Ticketmaster and consumer bank Santander appear to be linked to the abuse of unsecured accounts held with cloud data management platform Snowflake, it has emerged over the past few days.

The Ticketmaster breach – confirmed on Friday 31 May by parent organisation Live Nation – saw the personal details of over 550 million customers stolen, including names, addresses, phone numbers and some credit card details.

The ongoing incident at Santander has seen the data of customers in Spain and Latin America stolen, as well as personal information on some previous and all current employees of the bank, numbering 200,000 people worldwide and about 20,000 in the UK.

Both incidents have been claimed by a group known as ShinyHunters – which also operated the BreachForums site that was recently taken down by police but appears to still be operating with impunity. The cyber criminals are demanding a half-a-million dollar ransom from Ticketmaster and two million dollars from Santander.

Although Snowflake was not explicitly named by either organisation, the firm confirmed it was investigating a “targeted threat campaign” against customer accounts, with assistance from CrowdStrike and Mandiant.

In a statement, Snowflake said: “We have not identified evidence suggesting this activity was caused by a vulnerability, misconfiguration or breach of Snowflake’s platform. We have not identified evidence suggesting this activity was caused by compromised credentials of current or former Snowflake personnel.

“This appears to be a targeted campaign directed at users with single-factor authentication. As part of this campaign, threat actors have leveraged credentials previously purchased or obtained through infostealing malware.”

Personal credentials

It additionally confirmed it had found some evidence that a threat actor had obtained personal credentials and accessed demo accounts belonging to a former Snowflake employee, which were not protected by its Okta or multi-factor authentication (MFA) services, but that these accounts were not connected to its production or corporate systems and did not contain any sensitive information.

Snowflake is recommending its customers immediately implement MFA, establish network policy rules to only allow authorised users or traffic from trusted locations, and reset and rotate their credentials. More information, including indicators of compromise, is available here.

Disputed claims

Based on Snowflake’s testimony, the issues would appear to have been caused by cyber security failings at its customers. However, its version of events is very much at odds with other information that has been coming to light over the past few days, much of it contained in a since-deleted blog – which is archived in its entirety here – posted by researchers at Hudson Rock.

Based on a conversation with someone claiming to be a ShinyHunters insider, Hudson Rock said its researchers were told that contrary to Snowflake’s version, the attackers had actually accessed a Snowflake employee’s ServiceNow account using stolen credentials, bypassing Okta protections and generating session tokens that enabled them to steal its customers’ data directly from Snowflake’s systems.

The threat actor shared information suggesting that at least 400 customers had been compromised through its access, and appeared to suggest they had been looking for a payoff from Snowflake rather than its customers – although it’s important to remember it’s never wise to trust the word of a cyber criminal or take their claims at face value.

Identity the vector

Although not a classic example of a supply chain attack – per Snowflake’s reading of events – the incidents at Ticketmaster and Santander hold much in common with other supply chain attacks, including the use of identity compromises as an access vector.

“This year, we have seen a sequence of breaches that have affected major software-as-a-service [SaaS] vendors, such as Microsoft, Okta, and now Snowflake,” said Glenn Chisholm, co-founder and chief product officer of Obsidian Security.

“The commonality across these breaches is identity; the attackers are not breaking in, they are logging in,” he said. “In incident response engagements we have seen through partners like CrowdStrike, we see SaaS breaches often starting with identity compromises – in fact, 82% of SaaS breaches stem from identity compromises such as spear phishing, token theft and reuse, helpdesk social engineering, etcetera. This includes user identities as well as non-human (application) identities.”

The lessons for users are clear, said Chisholm. SaaS is a highly targeted space with multiple attacks occurring across the spectrum, from nation state attackers to financially motivated hackers such as ShinyHunters. As such, every company using SaaS products needs to implement a SaaS security programme, or review their existing ones.

“Ensure the correct application posture to minimise risk, protect their identities which form the perimeter of your SaaS applications, and secure their data movement,” said Chisholm. “These must be a continuous programme since your applications evolve, configurations change, identities get introduced and attackers change their patterns. In other words, you need automation to scale this across all your SaaS applications.”

Toby Lewis, head of threat analysis at Darktrace, said that even if no Snowflake systems were directly compromised, the supplier could still have done more to prevent the attacks on its customers.

“Cloud providers should encourage better security practices, such as mandatory MFA, even without explicit requirements on them to do so under the shared responsibility model,” said Lewis.

“In essence, it becomes a differentiator when weighing up different cloud providers – pick the one that has secure-by-default practices to enhance overall security.”

Read more on Data breach incident management and recovery


Snowflake: No evidence of platform breach

AlexanderCulafi

By: Alexander Culafi


Ticketek Australia hit by data breach

AaronTan

By: Aaron Tan


From groundfrost to cloud, Cohesity puts SmartFiles on Snowflake

AdrianBridgwater

By: Adrian Bridgwater


Snowflake developer & builder tools showcased at 2023 Summit

AdrianBridgwater

By: Adrian Bridgwater

>>> Read full article>>>
Copyright for syndicated content belongs to the linked Source : Computer Weekly – https://www.computerweekly.com/news/366587572/Major-breaches-allegedly-caused-by-unsecured-Snowflake-accounts

Tags: Breachesmajortechnology
Previous Post

Update on Tyler Mickelson After Hangtown Collision

Next Post

97 FTSE 100 firms exposed to supply chain breaches

Alabama man earns world record for 3-foot, 6-inch beard locks – upi.com

Alabama man earns world record for 3-foot, 6-inch beard locks – upi.com

October 2, 2025
How Trump could use a government shutdown to turbocharge his economic agenda – Yahoo Finance

How Trump could use a government shutdown to turbocharge his economic agenda – Yahoo Finance

October 2, 2025
Toni Braxton Is Turning Her Biggest Hits Into Lifetime Movies – Yahoo

Toni Braxton Is Turning Her Biggest Hits Into Lifetime Movies – Yahoo

October 2, 2025
Reproductive Health Emergency Kits To Be Distributed Saturday At Jacksonville Really Really Free Market – Center for Biological Diversity

Reproductive Health Emergency Kits To Be Distributed Saturday At Jacksonville Really Really Free Market – Center for Biological Diversity

October 2, 2025
Times/Siena Survey: Americans Worry Divisions Cannot Be Overcome – The New York Times

Americans Fear Deep Divisions May Be Impossible to Overcome

October 2, 2025
Oak Ridge Reservation Set for $42M Ecological Restoration, Balancing – Hoodline

Oak Ridge Reservation to Undergo $42M Ecological Restoration and Balancing Effort

October 2, 2025
Mayor green lights Science Center development; residents call it ‘giant win’ for St. Pete – WFLA

Mayor green lights Science Center development; residents call it ‘giant win’ for St. Pete – WFLA

October 2, 2025
A ‘Great Wave’ is rippling through our galaxy, pushing thousands of stars out of place – Live Science

A ‘Great Wave’ is rippling through our galaxy, pushing thousands of stars out of place – Live Science

October 2, 2025
These are the best breweries in New Jersey, according to recent online ranking – Yahoo

These are the best breweries in New Jersey, according to recent online ranking – Yahoo

October 2, 2025
A Tech Expo Shows What China Can Make, but Not Who’ll Buy It All – The New York Times

Inside China’s Tech Expo: Cutting-Edge Innovations Face Uncertain Demand

October 2, 2025

Categories

Archives

October 2025
M T W T F S S
 12345
6789101112
13141516171819
20212223242526
2728293031  
« Sep    
Earth-News.info

The Earth News is an independent English-language daily published Website from all around the World News

Browse by Category

  • Business (20,132)
  • Ecology (847)
  • Economy (868)
  • Entertainment (21,742)
  • General (17,369)
  • Health (9,911)
  • Lifestyle (881)
  • News (22,149)
  • People (870)
  • Politics (879)
  • Science (16,078)
  • Sports (21,368)
  • Technology (15,851)
  • World (851)

Recent News

Alabama man earns world record for 3-foot, 6-inch beard locks – upi.com

Alabama man earns world record for 3-foot, 6-inch beard locks – upi.com

October 2, 2025
How Trump could use a government shutdown to turbocharge his economic agenda – Yahoo Finance

How Trump could use a government shutdown to turbocharge his economic agenda – Yahoo Finance

October 2, 2025
  • About
  • Advertise
  • Privacy & Policy
  • Contact

© 2023 earth-news.info

No Result
View All Result

© 2023 earth-news.info

No Result
View All Result

© 2023 earth-news.info

Go to mobile version