The ShinyHunters hackers who stole Ticketmaster data from a Snowflake account appear to have accessed the data through a contractor named EPAM Systems. EPAM has workers in Belarus, Ukraine and, before the war, Russia. The hacker told me they breached an EPAM worker in Ukraine. EPAM says it found no evidence that the hackers used one of their systems, but data leaked online indicates an EPAM worker in Ukraine was infected with an infostealer, which grabbed credentials for the worker's Ticketmaster Snowflake account. EPAM manages Snowflake accounts for customers. My latest story for WIRED:

https://www.wired.com/story/epam-snowflake-ticketmaster-breach-shinyhunters/

Hackers Detail How They Allegedly Stole Ticketmaster Data From Snowflake

A ShinyHunters hacker tells WIRED that they gained access to Ticketmaster’s Snowflake cloud account—and others—by first breaching a third-party contractor.

WIRED

@kimzetter Good story. I have a question on this part:
"In a phone call this week, Jones told WIRED that Snowflake is working on giving its customers the ability to mandate that users of their accounts employ multifactor authentication going forward."
What did he mean by mandate? Can't customers already turn on MFA? Snowflake offers Duo:
https://docs.snowflake.com/en/user-guide/security-mfa
Multi-factor authentication (MFA) | Snowflake Documentation