The connection between the cyber attack on Ticketmaster and the hacking of a former Snowflake employee’s demo account is becoming clearer. The cloud data warehouse specialist does not make a direct correlation between these two events but rather encourages its customers to upgrade their cybersecurity by enabling multi-factor authentication.
The hacking of the global online ticketing giant Ticketmaster, which resulted in a massive data breach – affecting 560 million users – continues to make headlines. « We have found evidence that a cybercriminal obtained personal identification information and accessed demo accounts belonging to a former Snowflake employee, » the publisher explained last week. « These accounts did not contain sensitive data. Demo accounts are not connected to Snowflake’s production or enterprise systems. Access was possible because the demo account was not behind Okta or multi-factor authentication (MFA), unlike Snowflake’s production and enterprise systems. »
Since early June, the spotlight has been on the cloud data warehouse provider, although Ticketmaster’s CISO has not officially linked its partner to the data breach affecting hundreds of millions of customers. Snowflake, on the other hand, continues its investigations and has relied on Crowdstrike and Mandiant for support. While the publisher acknowledges a breach in one of its systems, it does not make a direct connection to the cyber attack on Ticketmaster. It goes even further by putting pressure on its customers to enhance their cyber defense. « We are also developing a plan to require our customers to implement advanced security controls, such as multi-factor authentication (MFA) or network policies, especially for privileged Snowflake customer accounts. At the same time, we continue to engage firmly with our customers to help them enable MFA and other security controls as an essential step in protecting their business. »
An ongoing investigation and the SEC involved
By acting in this way, is Snowflake trying to evade its potential responsibilities following the Ticketmaster hack? Nothing is certain, but a few days later, other customers of the provider, including QuoteWizard (an insurance comparison site) and a subsidiary of LendingTree (an online lending platform), also reported data breaches after failing to use MFA to secure their accounts. This situation prompted Snowflake’s CEO Sridhar Ramaswamy to personally address the delicate situation: « It is clear that we need to do something about it, » said Snowflake’s CEO in an interview last Thursday. « I think making MFA automatic is the next logical step we need to take. »
However, it remains to be seen what exact role the compromised account of a former Snowflake employee played in this matter. Establishing this seems complicated for now because it is still unknown what data was stored there, or if it contained information from other Snowflake customers, as the publisher has not yet provided any public information on this. Similarly, clarifying what it meant by « sensitive data » from the demo account in question. With the SEC notified and an investigation underway, Snowflake is expected to be more forthcoming with details about this hack in the coming days.