Ticketmaster and several other Snowflake customers hacked

In the Ticketmaster breach, the specific data that was compromised includes names, addresses, phone numbers, and partial credit card details of 560 million customers1. The breach also exposed ticket sales, event information, and order details.

Snowflake has recommended several measures to its customers to prevent further incidents:

1. Enable Multi-Factor Authentication (MFA): Snowflake urges its customers to ensure that all their accounts are protected with MFA. This adds an extra layer of security to the login process, making it more difficult for unauthorized users to access the account even if they have the password.

2. Review Indicators of Compromise (IoCs): Snowflake has provided IoCs to its customers, which are signs that an account has been compromised. Customers are advised to check their accounts for these signs, which include unusual login activity, changes to user profiles, and unauthorized data access1.

3. Follow Security Best Practices: Snowflake encourages its customers to follow best practices for data security2. This includes regularly changing passwords, using strong and unique passwords, and limiting access to sensitive data.

4. Investigate Potential Threat Activity: Snowflake has provided guidelines to its customers on how to investigate potential threat activity within their Snowflake customer accounts1. This includes monitoring login attempts, checking for unusual IP addresses, and detecting anomalies in user behavior.

5. Reset and Rotate Snowflake Credentials: As a precautionary measure, Snowflake recommends that impacted organizations reset and rotate their Snowflake credentials to ensure that any potentially compromised credentials are no longer valid.

By following these measures, Snowflake customers can significantly reduce the risk of unauthorized access to their accounts and protect their data from potential threats.