Ticketmaster and other organizations had their Snowflake accounts claimed to be compromised by a ShinyHunters hacker through the breach of software engineering firm EPAM Systems, supporting a Mandiant report linking some of the breaches to third-party contractor hacks, reports Wired.
Information-stealing malware and remote access trojan deployed against one of EPAM Systems' Ukraine-based employees allowed ShinyHunters to access unencrypted credentials leveraged by the employee to access the Snowflake accounts of the firm's customers, which were then used to infiltrate the Snowflake accounts, including the one owned by Ticketmaster, according to the hacker.
EPAM has dismissed the ShinyHunters hacker's claims but independent security researcher "Reddington" noted the online availability of an infostealer-harvested data repository, including the internal EPAM URL to the Snowflake account of Ticketmaster and the credentials used by the EPAM worker to access Ticketmaster's account.
"This means that anyone that knew the correct URL to [Ticketmaster’s] Snowflake could have simply looked up the password, logged in, and stolen the data" said Reddington.
