In June 2024, leading online ticket sales and distribution company, Ticketmaster, became the victim of one of the most significant cybersecurity breaches in history. Hacking group ShinyHunters stole 1.3 terabytes of personal data, including contact information, financial details, and ticket purchases belonging to 560 million users. The hackers then offered this data for sale on their own online forum.

ShinyHunters hackers exploited vulnerabilities in Ticketmaster’s cloud storage account with Snowflake to gain access to the information. They hijacked credentials from an employee of a contracting company that worked with Snowflake, and used these credentials to infiltrate Snowflake’s demo environments. Due to a lack of multi-factor authentication (MFA), ShinyHunters hackers were able to steal Ticketmaster’s data from the cloud storage.

Considering the robust cybersecurity infrastructure of companies like Ticketmaster and Snowflake, it’s deeply worrying that prominent organizations can fall prey to such an attack. Sadly, they are becoming more common, as hackers get more creative and persistent in their strategies. However, organizations can ensure preventative measures are put in place to avoid a similar fate, as well as adhere to general best practices to keep themselves shielded in an increasingly dangerous threat landscape.

The Rise of Third-Party Data Breaches

Ticketmaster wasn’t the only company affected by the Snowflake data breach. Shortly after, international bank Santander reported it was also a victim of the same attack. Snowflake Revealed that a number of other major organizations that use the company’s services were affected by the breach, including Anheuser-Busch, Allstate, Progressive and State Farm.

These companies are among a long list of victims of third-party data breaches in recent years. Such data breaches lead to severe financial, legal and reputational consequences as a result of private data from respected companies being compromised. These incidents highlight that internal cybersecurity measures mean very little if critical data is shared with third-party vendors. It’s therefore vital that organizations using third-party software, cloud storage or other external services, are diligent in ensuring third parties have comprehensive cybersecurity measures in place.

Lessons Learned

The ShinyHunters data breaches demonstrate how resourceful hackers have become in understanding how organizations often overlook cybersecurity best practices. But with every cybersecurity breach comes an opportunity to teach others how to prevent another successful exploit.

Here are some essential best practices to consider when developing cybersecurity awareness training for an organization:

• Mandate multi-factor authentication: ShinyHunters hackers were able to gain access to Snowflake’s systems due to lack of MFA. Passwords alone are no longer enough to keep hackers from gaining access to systems, and even complex passwords can be retrieved using techniques like social engineering. MFA is an important secondary security measure to ensure verified account holders are the only ones gaining access — and it also has the added benefit of notifying the account holder that someone is attempting to log in should their password be compromised.

• Use passkeys where possible: Passkeys can make password theft much more difficult for threat actors by using public key cryptography. A public/private key pair is generated when establishing a new passkey with an online service. The private key is only available on a device owned by the user, and the authentication challenge response is unique for each login. This means that there are no passwords to be stolen on the service side of the login process. Passkeys are also usually URL-bound, meaning reverse-proxy phishing kits are ineffective here.

• Invest in third-party risk management: Businesses are usually dependent on third-party software and service providers for critical business processes. While working with third-party providers is useful, it’s essential for businesses to perform their due diligence to ensure said third parties follow security protocols and comply with industry regulations. Investing in third-party risk management can help businesses avoid using any software or services that could potentially put customers and business continuity at risk.
• Conduct regular security audits: Even if you trust your third-party vendors, it’s always a good idea to verify they’re following best practices. Conducting regular security audits can enable businesses to regularly expose any vulnerabilities that could be exploited. This can ensure third-party vendors are consistently fixing any potential risks that hackers typically search for, while also improving the safety of their products and services.
• Encrypt all sensitive data: Encryption helps make information unreadable for unauthorized users, making it incredibly difficult for hackers to obtain any value from it. Keeping sensitive information encrypted can provide an important layer of security in the event that hackers manage to steal data at rest or in transit.
• Create an incident response plan: Even organizations with comprehensive cybersecurity measures in place can still be breached. Ensure to perform regular testing and manage any third-party components. Having an established incident response plan can help mitigate the negative consequences of a data breach, and quickly resolve problems before they evolve.
• Invest in training: It is important to continously educate the workforce on cybersecurity awareness to keep the organization safe. Organizational people must be taught what to look out for and how to respond. This can go a long way in complementing the various technical defenses and policies that have been adopted.

The ShinyHunters data breaches are a stark reminder that any and every company is vulnerable to a cyberattack. As more organizations grow increasingly dependent on digital infrastructure and third-party components, business leaders must be proactive in cutting off pathways for similar attacks by implementing cybersecurity awareness training. Organizations can feel more secure and safe with these best practices to maintaining awareness of the evolving threat landscape.