Ticketmaster has confirmed recent reports of a data breach in a new filing with the US Securities and Exchange Commission (SEC).
Live Nation (which merged with Ticketmaster in 2010) submitted a new Form 8-K filing in which it said on May 20, it “identified unauthorized activity within a third-party cloud database environment containing Company data (primarily from its Ticketmaster L.L.C. subsidiary).”
Subsequent investigation discovered that on May 27, a threat actor tried to sell the stolen data on the dark web.
Snowflake investigates
The filing does not say which third-party cloud database provider Live Nation was referring to, but an unnamed Ticketmaster spokesperson told TechCrunch it was Snowflake. They didn’t detail exactly how Snowflake was breached, but the company does have a breach notification posted on its website.
“Snowflake recently observed and is investigating an increase in cyber threat activity targeting some of our customers’ accounts,” it said.
“We believe this is the result of ongoing industry-wide, identity-based attacks with the intent to obtain customer data.” The company doesn’t believe to be vulnerable in any way, has any misconfigured systems, or something similar, but instead that it’s a victim of credential-stuffing attacks in which threat actors obtained the necessary information elsewhere.
“Research indicates that these types of attacks are performed with our customers’ user credentials that were exposed through unrelated cyber threat activity.”
Both Snowflake and Ticketmaster confirmed notifying affected individuals, with the latter also saying it notified the police, and is cooperating in the ongoing investigation.
“As appropriate, we are also notifying regulatory authorities and users with respect to unauthorized access to personal information,” Ticketmaster told the SEC.
Finally, the company said it doesn’t believe the incident will have any material impact on its business operations.