
Ticketmaster Confirms Massive Data Breach Potentially Impacting 560 Million Customers

On May 20, 2024, Live Nation Entertainment, Inc. (“Live Nation”) identified unauthorized activity within a third-party cloud database environment, primarily affecting its Ticketmaster subsidiary. The breach has potentially exposed data of up to 560 million customers. Immediate steps were taken to investigate the incident with the help of industry-leading forensic investigators. On May 27, 2024, a criminal threat actor, known as ShinyHunters, advertised the stolen data on the dark web. Live Nation has since been working to mitigate risks, notify affected parties, and cooperate with law enforcement.


Incident Timeline

May 20, 2024

  • Incident Identification: Live Nation detected unauthorized activity within a third-party cloud database environment.
  • Immediate Action: An investigation was launched in collaboration with industry-leading forensic investigators to understand the breach’s scope and impact.

May 27, 2024

  • Dark Web Listing: A criminal threat actor, ShinyHunters, advertised 1.3TB of stolen customer data for sale on the dark web. The data included sensitive customer information such as names, addresses, emails, phone numbers, the last four digits of card numbers, expiry dates, and ticketing order details.
  • Public Disclosure: Live Nation filed an 8-K with the SEC, detailing the incident and the steps being taken to address it.

Threat Actor

ShinyHunters, a known cybercriminal group, claimed responsibility for the breach. They listed the stolen data on the dark web, offering it as a “one-time sale” for $500,000. Screenshots of the dark web advertisement confirmed the extent of the data being sold.


Affected Third Party

The targeted third-party cloud environment was provided by Snowflake, a cloud storage firm. It was reported that a Snowflake employee’s ServiceNow account was compromised using stolen credentials, enabling the attackers to access the Ticketmaster database.


Snowflake’s Response

Snowflake acknowledged an increase in threat activity targeting some of their customers’ accounts. They clarified that these attacks were identity-based, leveraging user credentials exposed through unrelated cyber-threat activities. Snowflake asserted that the activity was not due to any vulnerability or misconfiguration within their product.


Live Nation’s Response

Live Nation has been proactive in addressing the breach:

  • Risk Mitigation: Efforts are ongoing to mitigate risks to users and the company.
  • Law Enforcement Cooperation: Live Nation has notified and is cooperating with law enforcement agencies.
  • Regulatory Notifications: Appropriate regulatory authorities and affected users are being notified about the unauthorized access to personal information.

Operational Impact

Despite the significant data exposure, Live Nation downplayed the breach’s impact on its operations and financial condition. In its SEC filing, the company stated, “As of the date of this filing, the incident has not had, and we do not believe it is reasonably likely to have, a material impact on our overall business operations or on our financial condition or results of operations.”


Conclusion

Live Nation is committed to addressing the breach and protecting its customers’ data. The company continues to evaluate risks and implement remediation efforts. While the incident has raised concerns, Live Nation remains confident in its ability to manage the situation without significant disruption to its operations.


SEC Filing Excerpt

“On May 20, 2024, Live Nation Entertainment identified unauthorized activity within a third-party cloud database environment containing company data … and launched an investigation with industry-leading forensic investigators to understand what happened. On May 27, 2024, a criminal threat actor offered what it alleged to be company user data for sale via the dark web. We are working to mitigate risk to our users and the company, and have notified and are cooperating with law enforcement. As appropriate, we are also notifying regulatory authorities and users with respect to unauthorized access to personal information.”

“As of the date of this filing, the incident has not had, and we do not believe it is reasonably likely to have, a material impact on our overall business operations or on our financial condition or results of operations. We continue to evaluate the risks and our remediation efforts are ongoing.”


How Can Netizen Help?

Netizen ensures that security gets built-in and not bolted-on, providing advanced solutions to protect critical IT infrastructure, such as the popular “CISO-as-a-Service,” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.

We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

Netizen is an ISO 27001:2013 (Information Security Management), ISO 9001:2015, and CMMI V 2.0 Level 3 certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans. 

Questions or concerns? Feel free to reach out to us any time –

https://www.netizen.net/contact


Copyright © Netizen Corporation. All Rights Reserved.