The data was reportedly put back up for sale over the past weekend.
Ticketmaster had more than 569 GB of data stolen during last year's Snowflake data breach.
According to BleepingComputer, the data was advertised for sale by the Arkana Security ransomware operation on its leak site, before being taken down.
While data exposed by Arkana Security was initially suspected to be from a new data breach, BleepingComputer discovered that the recently leaked files were the same as those previously identified in the Snowflake attacks.
Also included in the Arkana Security's posting was an image referencing the custom RapeFlake tool leveraged for Snowflake database reconnaissance and information theft efforts.
Dr Martin Kraemer, Security Awareness Advocate at KnowBe4, said: “While it may have been a mistake by the group to offer the data for sale again, it would not be an uncommon occurrence for a threat actor to do so deliberately.
“It is common for cyber-criminals to attempt sales of the same data set more than once. Think of the dark web like a full blown SaaS market where datasets have become commodity and fuel: data resale and reuse is beneficial, e.g., to run a follow-up extortion campaign targeting customers of an organisation after an organisation paid their ransom already.
“Market dynamics dictate that data sold once would be sold at a lower price as its value depends on freshness, completeness, and usability."
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.
