How a lack of basic security allowed half a billion customer records to be compromised

For financial professionals only

In early June, hacking group Shiny Hunters claimed to have gained access to Ticketmaster and Santander’s customer data stored on Snowflake, an AI cloud storage provider.

Ticketmaster later confirmed a data breach of 560 million customer accounts, with Shiny Hunters claiming the data included full names, addresses, phone numbers, and partial credit card numbers.

Santander was also attacked (although no UK customer details were accessed) with hackers stealing:

  • 30 million customer records
  • 6 million account numbers, and
  • 28 million credit card numbers.

Shiny Hunters attempted to sell the stolen data on the dark web, with Ticketmaster data going for £400,000 and the Santander data going for £1.6 million.

The role of poor security measures

Snowflake denied it was to blame for the breaches, saying there were no vulnerabilities on its platform. It instead pointed the finger at Ticketmaster and Santander, namely for having weak security measures by relying only on usernames and passwords to protect their data.

Snowflake did admit a previous employee’s demo account, protected only by a username and password, had been accessed by the hacking group. But it didn’t hold sensitive data, or provide access to that data, as it was separate from their production systems. 

Snowflake suggested the compromises were likely down to threat actors obtaining credentials through info-stealing malware (software that can grab passwords straight out of the fields they've been entered into), or by buying them on online crime forums, coupled with a lack of basic security principles like multi-factor authentication (MFA) on accounts.

What can we learn?

  • Use MFA wherever you can - stop relying on just a username and password to protect your data.
  • Stop reusing passwords - this will just cause you headaches. Sites will inevitably be hacked, and you’ll need to update your password on multiple sites.
  • Use a dedicated password manager (don’t store passwords in your browser) – they have increased security over browser password managers. And they’re more likely to protect your data from info-stealing malware.
  • Sign up to breach alerts - Subscribe to HaveIBeenPwned.com so you’ll find out about a breach as soon as possible.
  • Start auditing your accounts - close accounts you don’t need any more (e.g. you’ve stopped using certain sites or a third-party relationship ends). And, if someone leaves your business and they’ve shared a password, remember to update it as soon as possible so they can’t access the account at a later date.  
  • Run a virus scan to check for info-stealing malware - especially if you’ve got kids at home downloading games, apps and/or files on the same network as you.

And if you're a Ticketmaster customer:

  1. Change your password on Ticketmaster, and anywhere else you’ve re-used that password, and start to use strong, unique passwords (with the help of a password manager).

  2. Subscribe to HaveIBeenPwned.com as you’ll get a notification when your information has been leaked online and you can search for your information.

  3. Stay vigilant to phishing attempts – I give some helpful tips on checking the authenticity of emails in this article.

  4. Monitor your accounts and credit cards – don’t autosave banking information on websites, so if the site is hacked, you won’t need to worry about having your card details stolen. 
