The Arkana Safety extortion gang briefly listed over the weekend what gave the impression to be newly stolen Ticketmaster information however is as a substitute the information stolen in the course of the 2024 Snowflake information theft assaults.
The extortion group posted screenshots of the allegedly stolen information, promoting over 569 GB of Ticketmaster information on the market, inflicting hypothesis that this was a brand new breach.
Supply: BleepingComputer
Nonetheless, BleepingComputer has decided that the information proven within the Arkana submit match samples of Ticketmaster information we beforehand noticed in the course of the 2024 Snowflake information theft assaults.
Moreover, one of many photographs had the caption “rapeflaked copy 4 fast sale 1 purchaser,” which is a reference to a device named “RapeFlake.”
RapeFlake is a customized device created by the risk actors to carry out reconnaissance and exfiltrate information from Snowflake’s databases.
As beforehand reported, the Snowflake assaults focused many organizations, together with Santander, Ticketmaster, AT&T, Advance Auto Components, Neiman Marcus, Los Angeles Unified, Pure Storage, and Cylance. These assaults had been claimed by an extortion group often called ShinyHunters.
These assaults had been carried out utilizing compromised Snowflake credentials stolen by infostealers, which had been then used to obtain firm information to be used in extortion schemes.
Ticketmaster was among the many most generally extorted victims within the Snowflake assault, which led to the theft of private and ticketing info. After the information was provided on the market on-line, the corporate confirmed the breach on the finish of Could and commenced notifying affected prospects.
Following the preliminary leak, the risk actors ramped up their extortion makes an attempt by releasing what they claimed had been print-at-home tickets and even alleged Taylor Swift tickets in a sequence of posts on a hacking discussion board.
Whereas Arkana didn’t specify the origin of the information, the usage of Snowflake references and the file names matching beforehand leaked information signifies that the group was trying to resell outdated stolen information.
Whether or not or not Arkana beforehand bought this information, whether or not the group is made up of risk actors who beforehand had the information, or whether or not they’re working with ShinyHunters to promote it’s unclear.
On June 9, the entry for the Ticketmaster information had been faraway from the Arkana Safety information leak website.
The identify “ShinyHunters” has been linked to a lot of breaches through the years, together with the huge PowerSchool information breach the place information was stolen for 62.4 million college students and 9.5 million academics for six,505 faculty districts throughout the U.S., Canada, and different international locations.
Extra lately, Mandiant tied ShinyHunters to a current marketing campaign focusing on Salesforce accounts, the place risk actors had been breaching accounts to steal buyer information and extort firms.
As quite a few risk actors tied to ShinyHunters have been arrested over the previous three years (1, 2, 3), it’s unclear if that is the unique group or different risk actors claiming to be them to throw off regulation enforcement.
BleepingComputer contacted Arkana and Ticketmaster relating to the itemizing however didn’t obtain a response.
Patching used to imply advanced scripts, lengthy hours, and infinite fireplace drills. Not anymore.
On this new information, Tines breaks down how trendy IT orgs are leveling up with automation. Patch quicker, scale back overhead, and concentrate on strategic work — no advanced scripts required.
