
Snowflake Claims There’s No Evidence Hackers Used Platform To Attack Ticketmaster
June 4, 2024
Snowflake, a cloud storage provider, has denied all responsibility for the recent cyberattack on Ticketmaster.
Three days ago, Ticketmaster’s parent company, Live Nation, confirmed that the ticket vendor had been subjected to a significant cyberattack on its systems. At the time, the companies blamed a hacker group named ShinyHunters, which recently performed a similar attack on the Santander banking platform.
Now, according to The Verge, investigators have been able to track the would-be cybercriminals using their Snowflake accounts. But both the cloud storage provider and the cybersecurity firms investigating the incident deny that Snowflake is responsible.
The outlet is also reporting that a joint statement issued alongside CrowdStrike and Mandiant, two third-party security companies investigating the incident, re-emphasized this lack of fault.
“We have not identified evidence suggesting this activity was caused by a vulnerability, misconfiguration, or breach of Snowflake’s platform,” the company said in the statement provided on its website. “Throughout the course of the investigation, Snowflake has promptly informed the limited number of Snowflake customers who it believes may have been affected.”
The statement continued: “We have not identified evidence suggesting this activity was caused by compromised credentials of current or former Snowflake personnel. This appears to be a targeted campaign directed at users with single-factor authentication.”
It rounded out its preliminary findings by adding, “As part of this campaign, threat actors have leveraged credentials previously purchased or obtained through infostealing malware; and we did find evidence that a threat actor obtained personal credentials to and accessed demo accounts belonging to a former Snowflake employee. It did not contain sensitive data. Demo accounts are not connected to Snowflake’s production or corporate systems. The access was possible because the demo account was not behind Okta or Multi-Factor Authentication (MFA), unlike Snowflake’s corporate and production systems.”
In response to this statement, Hudson Rock — the security firm behind the initial report involving Snowflake in the cyberattack — pulled down all references to its investigation and issued an official statement on its LinkedIn page.
“In accordance [with] a letter we received from Snowflake’s legal counsel, we have decided to take down all content related to our report,” read the statement.
