Snowflake has claimed it is not responsible for the major data breach that hit Ticketmaster, despite blaming the company for security issues.
Earlier this week, the ticket sales and distribution company reported a data breach in which sensitive information of more than 500 million users was allegedly stolen.
Ticketmaster filed a data breach form with the SEC, saying it “identified unauthorized activity within a third-party cloud database environment containing company data” – which an unnamed spokesperson later said involved Snowflake.
No proof
Now that company denies those claims and has enlisted two cybersecurity firms to back them up.
In a forum thread Posted on June 2, Snowflake representatives said that a preliminary investigation conducted by both CrowdStrike and Mandiant suggested that this was a credential stuffing attack, and not a system vulnerability that was exploited:
“Our most important preliminary findings to date:
we found no evidence to suggest that this activity was caused by a vulnerability, misconfiguration, or breach in the Snowflake platform;
we found no evidence to suggest that this activity was caused by compromised credentials of current or former Snowflake personnel;
this appears to be a targeted campaign targeting users with single-factor authentication;
As part of this campaign, threat actors have leveraged credentials previously purchased or obtained through malware theft,” the announcement reads.
However, researchers did discover that one of the compromised accounts belonged to a former Snowflake employee. This was a demo account and as such did not contain any sensitive data nor could it grant access to such data.
“Demo accounts are not connected to Snowflake’s production or business systems,” the announcement concluded. “The access was possible because the demo account was not behind Okta or Multi-Factor Authentication (MFA), unlike Snowflake’s business and production systems.”