ShinyHunters Strikes Again: Group Hacks Santander Bank, Ticketmaster Customers File Suit

ShinyHunters, the Pokémon-themed hacker group that claimed it breached Ticketmaster in a massive breach this week, on Friday claimed responsibility for an attack on Santander Bank, exposing 30 million customers in Spain, Chile, and Uruguay.

This week, two US Ticketmaster customers filed a lawsuit claiming the company was negligent in protecting data. Ticketmaster and parent company Live Nation have not confirmed the breach.

According to a post on Breach Forums (which is reportedly run by ShinyHunters), the Santander breach involves 30 million records, including 6 million account numbers and balances, human resources employee lists, consumer citizenship information, 28 million full credit numbers, including expiration dates and verification details, along with other sensitive data. The group is offering the data in a “one-time” sale for $2 million.

A May 14 statement from Santander Bank acknowledged a breach matching what ShinyHunters described, citing “unauthorized access to a Santander database hosted by a third-party provider.” The bank said it immediately blocked compromised access and established fraud prevention controls. The bank said no other markets were impacted by the breach.

Third-Party Storage Implications

Many large institutions trust database hosting to third-party cloud services. It’s unclear if the third-party was managing the database or just hosting. And Santander did not disclose the name of the hosting provider.

Related:‘ShinyHunters’ Group Claims Massive Ticketmaster Breach

Jon Sternstein, CEO of Stern Security, says companies must stay vigilant with regular cyber hygiene that includes constant monitoring of third-party hosting.

“These threat actors basically search for any exposed databases or misconfigurations with any cloud provider,” Sternstein says. “So, they might not have been specifically targeting this bank -- they could have just been searching for any type of misconfiguration on these cloud providers and found that information.”

With cloud hosting, Sternstein says, he still sees too many opportunities for threat actors. “It’s amazing to me that there are still so many of these exposed databases and that it’s just way to easy to misconfigure the system to expose data. Unfortunately, it’s pretty common.”

Ticketmaster Hit with Lawsuit

A lawsuit filed Wednesday in the US District Court for the Central District of California says the alleged ShinyHunters Ticketmaster breach was “a direct result of the Defendants’ failure to implement adequate and reasonable cybersecurity procedures and protocols, consistent with the industry standard, necessary to protect private information from the foreseeable threat of a cyberattack.”

Related:Getting Aggressive with Cloud Cybersecurity

ShinyHunters claimed they breached Ticketmaster and stole sensitive information of more than 560 million worldwide customers.

The lawsuit also said Ticketmaster failed to notify customers of the alleged breach. “Defendants have not released a statement nor notified its customers that their private information has been compromised and is likely in the hands of threat actors. Ticketmaster consumers are in the dark, unaware that their private information may be used to effectuate identity theft, phishing scams, plunging credit scores and related cybercrimes.

Ticketmaster, as of publishing time, has not released a statement. InformationWeek has reached out to Ticketmaster and Live Nation for comment and will update this story.