Ticketmaster Santander Data Breach

Hackers have claimed responsibility for a massive data breach involving Ticketmaster and Santander Bank, potentially affecting over 590 million accounts.

The breach, linked to a Snowflake employee’s compromised credentials, has raised serious concerns about the security of cloud storage services.


The breach reportedly exposed the personal information of 560 million Ticketmaster users and 30 million Santander customers.

The compromised data includes full names, email addresses, phone numbers, and hashed credit card numbers, with some information dating back to the mid-2000s.

The hacker group ShinyHunters has claimed responsibility for the breach and has attempted to sell the data on the dark web for $500,000.

With ANYRUN You can Analyze any URL, Files & Email for Malicious Activity : Start your Analysis

According to cybersecurity firm Hudson Rock, the breach originated from the stolen credentials of a single Snowflake employee.

The hacker bypassed the authentication service Okta and generated session tokens to access a trove of information stored on Snowflake’s cloud platform.

This method allowed the hacker to infiltrate Ticketmaster and Santander and potentially hundreds of other Snowflake customers, including major brands like AT&T, HP, Instacart, DoorDash, NBCUniversal, and Mastercard.

Snowflake has disputed Hudson Rock’s findings, asserting that the breach did not originate from any vulnerability within its systems.

“In accordance to a letter we received from Snowflake’s legal counsel, we have decided to take down all content related to our report,” Hudson Rock said in a statement on Monday.

The company acknowledged that a former employee’s demo account was accessed using stolen credentials but maintained that this account did not contain sensitive information.

Snowflake emphasized that its production and corporate systems are protected by stringent security measures, including multi-factor authentication, which were not in place for the demo account.

Impact on Santander and Ticketmaster

Santander confirmed that certain customer information in Spain, Chile, and Uruguay had been accessed but stated that no transactional data or credentials that would allow transactions were compromised.

The bank has notified regulators and is cooperating with law enforcement in its investigation.

The ticketmaster has yet to confirm the extent of the breach publicly. However, the cybercriminals claim to have accessed information belonging to more than half a billion customers, including partial credit card details.

The breach has put Ticketmaster under significant scrutiny, with customers and regulators demanding answers.

The breach has highlighted the vulnerabilities associated with cloud storage services and the importance of robust security measures.

The incident has also brought attention to the hacker group ShinyHunters, which has a history of high-profile data breaches, including those involving Microsoft and AT&T.

The group’s activities underscore the growing threat of cyberattacks and the need for continuous vigilance and improvement in cybersecurity practices.

The massive data breaches at Ticketmaster and Santander, linked to compromised Snowflake accounts, serve as a stark reminder of the critical importance of cybersecurity.

Snowflake recently issued guidance on identifying and stopping unauthorized user access.

Looking for Full Data Breach Protection? Try Cynet's All-in-One Cybersecurity Platform for MSPs: Try Free Demo 

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.