Cybernews podcast #43: crooks attack Ticketmaster and Paris Olympics

In the freshest episode of the Cybernews podcast, we deep-dive into the Ticketmaster breach debacle, debate the continuing issues at Google, and analyze what Russian hackers could do during the Paris Olympics.

Ticketmaster breach a lesson we all need

Swifties, beware. One group of concertgoers in hacker’s crosshairs are those clamoring to see Taylor Swift during her in-progress EU tour. And so it happens that Ticketmaster, an American ticket sales and distribution company, was breached recently.

At first, Ticketmaster stalled and did not acknowledge whether the breach – which supposedly exposed a mind-boggling 560 million customers – actually happened. But then both Ticketmaster’s parent company, Live Nation, and Santander Bank, another targeted institution, admitted the incident.

Both organizations said that the breaches were the result of a third-party cloud data breach. They didn’t specify the vendor, but soon the name was out there, thanks to ShinyHunters, a threat group that shared a large swath of stolen data on the revived BreachForums. The culprit is Snowflake, an American data cloud company.

But Snowflake denied responsibility for the breaches. Yes, the company admitted an ex-employee account was compromised but denied that the hack was linked to the attacks on Ticketmaster and Santander Bank customers.

Researchers from vx-underground, working with samples, said the leak exposes personal information that includes full names, email addresses, physical addresses, telephone numbers, hashed credit card numbers, their types, authentication type, and “all user financial transactions.”

So what’s going on? Quite obviously, it’s a grave lesson for both Ticketmaster and Snowflake. Even if the vendor is smart enough to take a defensive stance and make it sound like their product is at fault, blunders were made, and the damage is yet to become clear.

Google in hot water once again

We couldn’t avoid talking about Google once again. Now, it looks like the largest internet company out there has more problems than its AI Overview feature on Search and glue on pizza.

The tech giant has been hit with not one but two leaks over the past week and just cannot seem to be able to escape hot water. Anonymous Google employees leaked an internal database to 404 Media, a news outlet, and soon, it revealed that Google had been collecting sensitive data from users.

For example, the leak revealed that a Google audio feature unintentionally recorded the voices of around 1,000 children, that Waze – owned by Google – was leaking users’ addresses, and that Google Street View was actually scanning, transcribing, and then storing cars’ license plates.

There was more. Another cache of leaked Google documents showed that the company’s Search Division may be using data to rank websites in a way that’s at odds with its public statements.

SEO experts have accused Google – the subject of the largest antitrust lawsuit in the US in the 21st century – of lying to users about its algorithm, which alone can help determine whether a business succeeds or fails.

Google is an essential part of our lives now, of course – most of us use its Search every day. But the company could certainly try to make itself easier to love, right?

Tom Cruise loathes the Olympics

Tom Cruise is not a regular name on technology news headlines, but apparently, he’s loved over on Russian Telegram channels that have been promoting a faux documentary called “Olympics Has Fallen.”

Resembling the 2013 action hit “Olympus Has Fallen,” the feature-length production is filled with AI-generated trickery, mimicking Tom Cruise’s voice to condemn the International Olympic Committee.

Of course, Cruise did not participate in any such documentary, but the AI-generated audio impersonates his voice and narrates “a strange, meandering script disparaging the International Olympic Committee’s leadership.”

Experts now know the video is fake and, quite frankly, absurd. But it’s still out there, and that means millions of people who don’t know why Russian athletes are banned from competing under their national flag (systematic cheating and the invasion of Ukraine) might still watch it and believe it.

All in all, Mandiant, a US cybersecurity firm, assesses that the security community is better prepared for the cyber threats facing the Paris Olympics than it has been for previous Games – thanks to the insights gained from past events.

Cyberbunker for sale in Germany

Finally, a Cold War-era bunker, built by the German military and later used by cybercrime ring CyberBunker to power the dark web, is now for sale. The state of Rhineland-Palatinate in Germany is looking to sell the CyberBunker property in Traben-Trarbach to the highest bidder.

The 5,500 square meter bunker was used as a darknet data center and cybercrime haven, facilitating almost 250,000 crimes, such as drug deals, data trafficking, cyberattacks, counterfeit money transactions, and others.

We try to guess how the property could be used now – a shooting range? Or maybe a wine and cheese cellar?