Password manager maker LastPass says hackers stole customer support case data during Klue breach


Password manager maker LastPass is notifying customers that their personal information and customer support case records were stolen during a recent hack at one of its technology partners, marking the company’s latest data breach in recent years.

In an email shared with TechCrunch from an affected customer, LastPass said the breach occurred at market research firm Klue, and not its own systems. However, hackers abused their access to obtain reams of data about LastPass customers.

LastPass is the latest in a growing list of cybersecurity companies that have reported data thefts as a result of the breach at Klue, which the company disclosed last week. Several other affected companies include HackerOne, Recorded Future, and Tanium.

In a blog post that shared information about the incident, LastPass said the hackers took customers’ names, phone numbers, email addresses, physical addresses, as well as customer support case data and sales-related data.

LastPass said the company’s own infrastructure was unaffected, including customers’ password vaults.

It’s not yet known what was in the contents of customer support tickets, although they likely contain fragments of potentially private or sensitive information. Customers typically contact customer service when they are having a billing issue or need assistance in gaining access to their accounts. Past incidents involving customer support tickets have included credentials and government-issued identity documents.

Spokespeople for LastPass did not immediately respond to TechCrunch’s request for comment, or questions about the incident, including how many customers are affected by the incident. 

LastPass has more than 33 million users and around 1.6 million paying customers as of 2024, according to its website.

LastPass previously experienced a data breach in 2022, in which hackers stole the company’s entire store of customer password vaults, which are used to store their sensitive credentials, such as passwords, tokens, and other personal and credit card numbers.

While the vaults were encrypted with master passwords only known to the customer, the breach allowed hackers to brute-force and crack the vaults offline with the weakest master passwords, and subsequently access the secrets inside. Several crypto thefts were later linked to the LastPass breach, after hackers were suspected of stealing the victim’s wallet keys by cracking their password vault.

Klue CEO Jason Smith said in a blog post that the company identified hackers in its systems on June 12. A hacking and extortion group called Icarus took credit for the breach, and have publicly threatened to release the stolen data if a ransom isn’t paid.

Smith has not responded to TechCrunch’s emails about the incident, including how many customers are affected or if the company has been in contact with the hackers.

When you purchase through links in our articles, we may earn a small commission. This doesn’t affect our editorial independence.

South Korea hits Coupang with $400M+ fine for data breach that affected millions


South Korean authorities have imposed a record-breaking fine of $624 billion won (over $400 million) on retail giant Coupang after a data breach last year compromised the personal data of more than 34 million customers.

Seoul’s Personal Information Protection Commission issued the maximum penalty on Thursday following discovery of the breach in December 2025. The retail giant, which is headquartered in the U.S. but popular in South Korea and likened to the “Amazon of Asia,” had said the months-long data breach allowed a former employee to obtain names, email and shipping addresses, phone numbers and order histories of about two-thirds of South Korea’s population.

Coupang told BBC News that it plans to challenge the regulator’s decision. The fine represents a rare case of a financial penalty issued against a U.S.-based firm. Korean lawmakers have accused some of their American counterparts of imposing political pressure after reports that U.S. representatives were linking the data breach with U.S.-South Korean bilateral ties in response to the case against Coupang’s executives.

U.S. companies rarely face financial sanctions or criminal prosecution for data breaches as a result of lacking laws and enforcement powers.

Booking.com confirms hackers accessed customers’ data


Booking.com confirmed Monday that hackers may have accessed customers’ personal data, including names, emails, physical addresses, phone numbers, and booking details. The global travel and hotel reservation giant notified customers this past week of the breach, according to several online posts. 

“We’re writing to inform you that unauthorized third parties may have been able to access certain booking information associated with your reservation,” read the notificaiton to customers, according to one user’s post on Reddit. Several other Reddit users replying to the post said they received the same notification. The message from the company included the aforementioned types of compromised data, as well as “anything that you may have shared with the accommodation.” 

The user who posted the notification on Reddit told TechCrunch that they received a phishing message via WhatsApp two weeks ago that included “booking details and personal information.” That suggests hackers are leveraging the stolen information to target Booking.com customers. 

Booking.com spokesperson Courtney Camp told TechCrunch that the company “noticed some suspicious activity involving unauthorized third parties being able to access some of our guests’ booking information. Upon discovering the activity, we took action to contain the issue. We have updated the PIN number for these reservations and informed our guests.” 

The spokesperson declined to answer TechCrunch’s specific questions, including how many customers were affected by this incident and then notified. 

The company told The Guardian that “financial information was not accessed”.

In 2024, TechCrunch reported that hackers had infected several hotels’ computers with consumer-grade spyware, or stalkerware. In one case, a victim was logged into their Booking.com administration portal when the PcTattleTale stalkerware took a screenshot of their screen. 

Techcrunch event

San Francisco, CA
|
October 13-15, 2026

According to the company’s website, 6.8 billion customers have booked hotel rooms and homes since 2010.

Rockstar Games has confirmed it was hit by third-party data breach


An experienced hacking group has claimed to have infiltrated Rockstar Games‘ cloud servers, while the game publisher has confirmed that there was a “third-party data breach.” ShinyHunters, a hacker group that’s been linked to data breaches targeting Microsoft, Google, Ticketmaster and others, posted a message on its website with a final warning to Rockstar to “pay or leak.” The hack was first spotted by Hackread and the Cybersec Guru.

ShinyHunters didn’t detail what Rockstar data it gained access to, only adding that the company had until April 14 to reach out or that the group would leak the compromised info that would lead to “several annoying (digital) problems.” Rockstar Games confirmed the breach to Kotaku, explaining that “a limited amount of non-material company information was accessed in connection with a third-party data breach,” and that the incident had “no impact on our organization or our players.”

Previously, Rockstar had to deal with a major hack that led to a leak including plenty of gameplay footage and assets for Grand Theft Auto VI in 2022. Following the hack, one of the 18-year-old members of the Lapsus$ group responsible for the leak, was sentenced to an “indefinite hospitalization.”

De-fi platform Drift suspends deposits and withdrawals after millions in crypto stolen in hack


Decentralized finance company Drift says it has suspended withdrawals and deposits after confirming a security incident. 

The crypto platform said in a post on X that it was “experiencing an active attack,” and that it was working to “contain the incident.”

Security researchers and public blockchain data suggest the losses could be significant. Blockchain security firm CertiK said on X that hackers may have stolen around $136 million, while crypto analytics firm Arkham put the figure at around $285 million stolen.

If confirmed, this would make the Drift hack the largest crypto theft of the year, according to the Rekt leaderboard, a site that tracks crypto thefts by size.

It’s not clear who is behind the attack, and a spokesperson for Drift did not immediately respond to a request for comment.

Security firms say North Korea was behind the most crypto thefts last year, netting at least $2 billion in stolen cryptocurrency, funds the regime is believed to use to finance its nuclear weapons program and skirt international sanctions that restrict its access to the global financial system.

The biggest data breaches in 2024: 1 billion stolen records and rising


We’re almost at the end of 2024, a year that will go down as having seen some of the biggest, most damaging data breaches in recent history. And just when you think that some of these hacks can’t get any worse, they do.

From huge stores of customers’ personal information getting scraped, stolen and posted online, to reams of medical data covering most people in the United States getting stolen, the worst data breaches of 2024 have surpassed the 1 billion stolen records and rising. These breaches not only affect the individuals whose data was irretrievably exposed, but also embolden the criminals who profit from their malicious cyberattacks.

Travel with us to the not-so-distant past to look at how some of the biggest security incidents of 2024 went down, their impact and, in some cases, how they could have been stopped. 

AT&T’s data breaches affect “nearly all” of its customers, and many more non-customers

For AT&T, 2024 has been a very bad year for data security. The telecoms giant confirmed not one, but two separate data breaches just months apart.

In July, AT&T said cybercriminals had stolen a cache of data that contained phone numbers and call records of “nearly all” of its customers, or around 110 million people, over a six-month period in 2022 and in some cases longer. The data wasn’t stolen directly from AT&T’s systems, but from an account it had with data giant Snowflake (more on that later).

Although the stolen AT&T data isn’t public (and one report suggests AT&T paid a ransom for the hackers to delete the stolen data) and the data itself does not contain the contents of calls or text messages, the “metadata” still reveals who called who and when, and in some cases the data can be used to infer approximate locations. Worse, the data includes phone numbers of non-customers who were called by AT&T customers during that time. That data becoming public could be dangerous for higher-risk individuals, such as domestic abuse survivors.

That was AT&T’s second data breach this year. Earlier in March, a data breach broker dumped online a full cache of 73 million customer records to a known cybercrime forum for anyone to see, some three years after a much smaller sample was teased online.

The published data included customers’ personal information, including names, phone numbers and postal addresses, with some customers confirming their data was accurate

But it wasn’t until a security researcher discovered that the exposed data contained encrypted passcodes used for accessing a customer’s AT&T account that the telecoms giant took action. The security researcher told TechCrunch at the time that the encrypted passcodes could be easily unscrambled, putting some 7.6 million existing AT&T customer accounts at risk of hijacks. AT&T force-reset its customers’ account passcodes after TechCrunch alerted the company to the researcher’s findings. 

One big mystery remains: AT&T still doesn’t know how the data leaked or where it came from

Change Healthcare hackers stole medical data on “substantial proportion” of people in America

In 2022, the U.S. Justice Department sued health insurance giant UnitedHealth Group to block its attempted acquisition of health tech giant Change Healthcare, fearing that the deal would give the healthcare conglomerate broad access to about “half of all Americans’ health insurance claims” each year. The bid to block the deal ultimately failed. Then, two years later, something far worse happened: Change Healthcare was hacked by a prolific ransomware gang; its almighty banks of sensitive health data were stolen because one of the company’s critical systems was not protected with multi-factor authentication.

The lengthy downtime caused by the cyberattack dragged on for weeks, causing widespread outages at hospitals, pharmacies and healthcare practices across the United States. But the aftermath of the data breach has yet to be fully realized, though the consequences for those affected are likely to be irreversible. UnitedHealth says the stolen data — which it paid the hackers to obtain a copy — includes the personal, medical and billing information on a “substantial proportion” of people in the United States. 

UnitedHealth has yet to attach a number to how many individuals were affected by the breach. The health giant’s chief executive, Andrew Witty, told lawmakers that the breach may affect around one-third of Americans, and potentially more. For now, it’s a question of just how many hundreds of millions of people in the U.S. are affected. 

Synnovis ransomware attack sparked widespread outages at hospitals across London 

A June cyberattack on U.K. pathology lab Synnovis — a blood and tissue testing lab for hospitals and health services across the U.K. capital — caused ongoing widespread disruption to patient services for weeks. The local National Health Service trusts that rely on the lab postponed thousands of operations and procedures following the hack, prompting the declaration of a critical incident across the U.K. health sector.

A Russia-based ransomware gang was blamed for the cyberattack, which saw the theft of data related to some 300 million patient interactions dating back a “significant number” of years. Much like the data breach at Change Healthcare, the ramifications for those affected are likely to be significant and life-lasting. 

Some of the data was already published online in an effort to extort the lab into paying a ransom. Synnovis reportedly refused to pay the hackers’ $50 million ransom, preventing the gang from profiting from the hack but leaving the U.K. government scrambling for a plan in case the hackers posted millions of health records online. 

One of the NHS trusts that runs five hospitals across London affected by the outages reportedly failed to meet the data security standards as required by the U.K. health service in the years that ran up to the June cyberattack on Synnovis.

Ticketmaster had an alleged 560 million records stolen in the Snowflake hack

A series of data thefts from cloud data giant Snowflake quickly snowballed into one of the biggest breaches of the year, thanks to the vast amounts of data stolen from its corporate customers. 

Cybercriminals swiped hundreds of millions of customer data from some of the world’s biggest companies — including an alleged 560 million records from Ticketmaster, 79 million records from Advance Auto Parts and some 30 million records from TEG — by using stolen credentials of data engineers with access to their employer’s Snowflake environments. For its part, Snowflake does not require (or enforce) its customers to use the security feature, which protects against intrusions that rely on stolen or reused passwords. 

Incident response firm Mandiant said around 165 Snowflake customers had data stolen from their accounts, in some cases a “significant volume of customer data.” Only a handful of the 165 companies have so far confirmed their environments were compromised, which also includes tens of thousands of employee records from Neiman Marcus and Santander Bank, and millions of records of students at Los Angeles Unified School District. Expect many Snowflake customers to come forward. 

(Dis)honorable mentions

Cencora notifies over a million and counting that it lost their data:

U.S. pharma giant Cencora disclosed a February data breach involving the compromise of patients’ health data, information that Cencora obtained through its partnerships with drug makers. Cencora has steadfastly refused to say how many people are affected, but a count by TechCrunch shows well over a million people have been notified so far. Cencora says it’s served more than 18 million patients to date. 

MediSecure data breach affects half of Australia:

Close to 13 million people in Australia — roughly half of the country’s population — had personal and health data stolen in a ransomware attack on prescriptions provider MediSecure in April. MediSecure, which distributed prescriptions for most Australians until late 2023, declared insolvency soon after the mass theft of customer data.

Kaiser shared health data on millions of patients with advertisers:

U.S. health insurance giant Kaiser disclosed a data breach in April after inadvertently sharing the private health information of 13.4 million patients, specifically website search terms about diagnoses and medications, with tech companies and advertisers. Kaiser said it used their tracking code for website analytics. The health insurance provider disclosed the incident in the wake of several  other telehealth startups, like Cerebral, Monument and Tempest, admitting they too shared data with advertisers.

USPS shared postal address with tech giants, too:

And then it was the turn of the U.S. Postal Service caught sharing postal addresses of logged-in users with advertisers like Meta, LinkedIn and Snap, using a similar tracking code provided by the companies. USPS removed the tracking code from its website after TechCrunch notified the postal service in July of the improper data sharing, but the agency wouldn’t say how many individuals had data collected. USPS has over 62 million Informed Delivery users as of March 2024.

Evolve Bank data breach affected fintech and startup customers:

A ransomware attack targeting Evolve Bank saw the personal information of more than 7.6 million people stolen by cybercriminals in July. Evolve is a banking-as-a-service giant serving mostly fintech companies and startups, like Affirm and Mercury. As a result, many of the individuals notified of the data breach had never heard of Evolve Bank, let alone have a relationship with the firm, prior to its cyberattack.

National Public Data goes broke after millions of SSNs stolen

The company behind the data broker National Public Data filed for Chapter 11 bankruptcy protection in October, months after a massive data breach exposed some three billion records affecting around 270 million individuals, according to various analyses by security researchers. The data broker allowed its paying customers access to its vast databases of names, dates of birth, email and postal addresses, phone numbers, and Social Security numbers (even if not all of the data was accurate). The company said it had to file for bankruptcy as it can no longer generate the revenue to address the deluge of class-action lawsuits and mounting liability from state and federal regulators.

First published on June 28 and updated on October 14.

Student raised security concerns in Mobile Guardian MDM weeks before cyberattack


A person claiming to be a student in Singapore publicly posted documentation showing lax security in a widely popular school mobile device management service called Mobile Guardian, weeks before a cyberattack on the company resulted in the mass-wiping of student devices and widespread disruption.

In an email with TechCrunch, the student — who declined to provide his name citing fear of legal retaliation — said he reported the bug to the Singaporean government by email in late May but could not be sure that the bug was ever fixed. The Singaporean government told TechCrunch that the bug was fixed prior to Mobile Guardian’s cyberattack on August 4, but the student said that the bug was so easy to find and trivial for an unsophisticated attacker to exploit, that he fears there are more vulnerabilities of similar exploitability.

The U.K.-based Mobile Guardian, which provides student device management software in thousands of schools around the world, disclosed the breach on August 4 and shut down its platform to block the malicious access, but not before the intruder used their access to remotely wipe thousands of student devices.

A day later, the student published details of the vulnerability he had previously sent to the Singaporean Ministry of Education, a major customer of Mobile Guardian since 2020.

In a Reddit post, the student said the security bug he found in Mobile Guardian granted any signed-in user “super admin” access to the company’s user management system. With that access, the student said, a malicious person could perform actions that are reserved for school administrators, including the ability to “reset every person’s personal learning device,” he said. 

The student wrote that he reported the issue to the Singaporean education ministry on May 30. Three weeks later, the ministry responded to the student saying the flaw is “no longer a concern,” but declined to share any further details with him, citing “commercial sensitivity,” according to the email seen by TechCrunch. 

When reached by TechCrunch, the ministry confirmed it had received word of the bug from the security researcher, and that “the vulnerability had been picked up as part of an earlier security screening, and had already been patched,” as per spokesperson Christopher Lee.

“We also confirmed that the disclosed exploit was no longer workable after the patch. In June, an independent certified penetration tester conducted a further assessment, and no such vulnerability was detected,” said the spokesperson.

“Nevertheless, we are mindful that cyber threats can evolve quickly and new vulnerabilities discovered,” the spokesperson said, adding that the ministry “regards such vulnerability disclosures seriously and will investigate them thoroughly.”

Bug exploitable in anyone’s browser

The student described the bug to TechCrunch as a client-side privilege escalation vulnerability, which allowed anyone on the internet to create a new Mobile Guardian user account with an extremely high level of system access using only the tools in their web browser. This was because Mobile Guardian’s servers were allegedly not performing the proper security checks and trusting responses from the user’s browser.

The bug meant that the server could be tricked into accepting the higher level of system access for a user’s account by modifying the network traffic in the browser.

TechCrunch was provided a video — recorded on May 30, the day of disclosure — demonstrating how the bug works. The video shows the user creating a “super admin” account using only the browser’s in-built tools to modify the network traffic containing the user’s role to elevate that account’s access from “admin” to “super admin.”

The video showed the server accepting the modified network request, and when logged in as that newly created “super admin” user account, granted access to a dashboard displaying lists of Mobile Guardian enrolled schools.

Mobile Guardian CEO Patrick Lawson did not respond to multiple requests for comment prior to publication, including questions about the student’s vulnerability report and whether the company fixed the bug.

After we contacted Lawson, the company updated its statement as follows: “Internal and third party investigations into previous vulnerabilities of the Mobile Guardian Platform are confirmed to have been resolved and no longer pose a risk.” The statement did not say when the previous flaws were resolved nor did the statement explicitly rule out a link between the previous flaws and its August cyberattack. 

This is the second security incident to beset Mobile Guardian this year. In April, the Singaporean education ministry confirmed the company’s management portal had been hacked and the personal information of parents and school staff from hundreds of schools across Singapore compromised. The ministry attributed the breach to Mobile Guardian’s lax password policy, rather than a vulnerability in its systems.


Do you know more about the Mobile Guardian cyberattack? Are you affected? Get in touch. You can contact this reporter on Signal and WhatsApp at +1 646-755-8849, or by email. You can send files and documents via SecureDrop.

Hundreds of Snowflake customer passwords found online are linked to info-stealing malware


Cloud data analysis company Snowflake is at the center of a recent spate of alleged data thefts, as its corporate customers scramble to understand if their stores of cloud data have been compromised. 

Snowflake helps some of the largest global corporations — including banks, healthcare providers and tech companies — store and analyze their vast amounts of data, such as customer data, in the cloud.

Last week, Australian authorities sounded the alarm saying they had become aware of “successful compromises of several companies utilising Snowflake environments,” without naming the companies. Hackers had claimed on a known cybercrime forum that they had stolen hundreds of millions of customer records from Santander Bank and Ticketmaster, two of Snowflake’s biggest customers. Santander confirmed a breach of a database “hosted by a third-party provider,” but would not name the provider in question. On Friday, Live Nation confirmed that its Ticketmaster subsidiary was hacked and that the stolen database was hosted on Snowflake

Snowflake acknowledged in a brief statement that it was aware of “potentially unauthorized access” to a “limited number” of customer accounts, without specifying which ones, but that it has found no evidence there was a direct breach of its systems. Rather, Snowflake called it a “targeted campaign directed at users with single-factor authentication” and that the hackers used “previously purchased or obtained through infostealing malware,” which is designed to scrape a user’s saved passwords from their computer.

Despite the sensitive data that Snowflake holds for its customers, Snowflake lets each customer manage the security of their environments, and does not automatically enroll or require its customers to use multi-factor authentication, or MFA, according to Snowflake’s customer documentation. Not enforcing the use of MFA appears to be how cybercriminals allegedly obtained huge amounts of data from some of Snowflake’s customers, some of which set up their environments without the additional security measure. 

Snowflake conceded that one of its own “demo” accounts was compromised because it wasn’t protected beyond a username and password, but claimed the account “did not contain sensitive data.” It’s unclear if this stolen demo account has any role in the recent breaches. 

TechCrunch has this week seen hundreds of alleged Snowflake customer credentials that are available online for cybercriminals to use as part of hacking campaigns, suggesting that the risk of Snowflake customer account compromises may be far wider than first known. 

The credentials were stolen by infostealing malware that infected the computers of employees who have access to their employer’s Snowflake environment.

Some of the credentials seen by TechCrunch appear to belong to employees at companies known to be Snowflake customers, including Ticketmaster and Santander, among others. The employees with Snowflake access include database engineers and data analysts, some of whom reference their experience using Snowflake on their LinkedIn pages.

For its part, Snowflake has told customers to immediately switch on MFA for their accounts. Until then, Snowflake accounts that aren’t enforcing the use of MFA to log in are putting their stored data at risk of compromise from simple attacks like password theft and reuse. 

How we checked the data

A source with knowledge of cybercriminal operations pointed TechCrunch to a website where would-be attackers can search through lists of credentials that have been stolen from various sources, such as infostealing malware on someone’s computer or collated from previous data breaches. (TechCrunch is not linking to the site where stolen credentials are available so as not to aid bad actors.)

In all, TechCrunch has seen more than 500 credentials containing employee usernames and passwords, along with the web addresses of the login pages for the corresponding Snowflake environments. 

The exposed credentials appear to pertain to Snowflake environments belonging to Santander, Ticketmaster, at least two pharmaceutical giants, a food delivery service, a public-run freshwater supplier, and others. We have also seen exposed usernames and passwords allegedly belonging to a former Snowflake employee. 

TechCrunch is not naming the former employee because there’s no evidence they did anything wrong. (It’s ultimately both the responsibility of Snowflake and its customers to implement and enforce security policies that prevent intrusions that result from the theft of employee credentials.) 

We did not test the stolen usernames and passwords as doing so would break the law. As such, it’s unknown if the credentials are currently in active use or if they directly led to account compromises or data thefts. Instead, we worked to verify the authenticity of the exposed credentials in other ways. This includes checking the individual login pages of the Snowflake environments that were exposed by the infostealing malware, which were still active and online at the time of writing.

The credentials we’ve seen include the employee’s email address (or username), their password, and the unique web address for logging in to their company’s Snowflake environment. When we checked the web addresses of the Snowflake environments — often made up of random letters and numbers — we found the listed Snowflake customer login pages are publicly accessible, even if not searchable online.

TechCrunch confirmed that the Snowflake environments correspond to the companies whose employees’ logins were compromised. We were able to do this because each login page we checked had two separate options to sign in.

One way to login relies on Okta, a single sign-on provider that allows Snowflake users to sign in with their own company’s corporate credentials using MFA. In our checks, we found that these Snowflake login pages redirected to Live Nation (for Ticketmaster) and Santander sign-in pages. We also found a set of credentials belonging to a Snowflake employee, whose Okta login page still redirects to an internal Snowflake login page that no longer exists.

Snowflake’s other login option allows the user to use only their Snowflake username and password, depending on whether the corporate customer enforces MFA on the account, as detailed by Snowflake’s own support documentation. It’s these credentials that appear to have been stolen by the infostealing malware from the employees’ computers.

It’s not clear exactly when the employees’ credentials were stolen or for how long they have been online. 

There is some evidence to suggest that several employees with access to their company’s Snowflake environments had their computers previously compromised by infostealing malware. According to a check on breach notification service Have I Been Pwned, several of the corporate email addresses used as usernames for accessing Snowflake environments were found in a recent data dump containing millions of stolen passwords scraped from various Telegram channels used for sharing stolen passwords.

Snowflake spokesperson Danica Stanczak declined to answer specific questions from TechCrunch, including whether any of its customers’ data was found in the Snowflake employee’s demo account. In a statement, Snowflake said it is “suspending certain user accounts where there are strong indicators of malicious activity.”

Snowflake added: “Under Snowflake’s shared responsibility model, customers are responsible for enforcing MFA with their users.” The spokesperson said Snowflake was “considering all options for MFA enablement, but we have not finalized any plans at this time.”

When reached by email, Live Nation spokesperson Kaitlyn Henrich did not comment by press time.

Santander did not respond to a request for comment.

Missing MFA resulted in huge breaches

Snowflake’s response so far leaves a lot of questions unanswered, and lays bare a raft of companies that are not reaping the benefits that MFA security provides. 

What is clear is that Snowflake bears at least some responsibility for not requiring its users to switch on the security feature, and is now bearing the brunt of that — along with its customers.

The data breach at Ticketmaster allegedly involves upwards of 560 million customer records, according to the cybercriminals advertising the data online. (Live Nation would not comment on how many customers are affected by the breach.) If proven, Ticketmaster would be the largest U.S. data breach of the year so far, and one of the biggest in recent history.

Snowflake is the latest company in a string of high-profile security incidents and sizable data breaches caused by the lack of MFA. 

Last year, cybercriminals scraped around 6.9 million customer records from 23andMe accounts that weren’t protected without MFA, prompting the genetic testing company — and its competitors — to require users enable MFA by default to prevent a repeat attack.

And earlier this year, the UnitedHealth-owned health tech giant Change Healthcare admitted hackers broke into its systems and stole huge amounts of sensitive health data from a system not protected with MFA. The healthcare giant hasn’t yet said how many individuals had their information compromised but said it is likely to affect a “substantial proportion of people in America.”


Do you know more about the Snowflake account intrusions? Get in touch. To contact this reporter, get in touch on Signal and WhatsApp at +1 646-755-8849, or by email. You can also send files and documents via SecureDrop.