ShinyHunters hacking group has claimed to have breached Ticketmaster, stealing the personal data of 560 million users. The 1.3 TB of stolen data also includes payment details. Learn more about this major cybersecurity incident and its implications.
Update: 12:41 PM Monday, June 3, 2024 (GMT) – Live Nation Entertainment confirms its subsidiary Ticketmaster suffered a data breach after hackers put the data of 560 million users up for sale. Read the latest development here.
The notorious hacker group ShinyHunters has claimed to have breached Ticketmaster – Live Nation, a global ticket sales and distribution company, compromising the personal data of a staggering 560 million users. This massive 1.3 terabytes of data, is now being offered for sale on Breach Forums for a one-time sale for $500,000.
Ticketmaster Data Breach – Details
ShinyHunters has allegedly accessed a treasure trove of sensitive user information, including full names, addresses, email addresses, phone numbers, ticket sales and event details, order information, and partial payment card data. Specifically, the compromised payment data includes customer names, the last four digits of card numbers, expiration dates, and even customer fraud details.
The data breach, if confirmed, could have severe implications for the affected users, leading to potential identity theft, financial fraud, and further cyber attacks. The hacker group’s bold move to put this data on sale goes on to show the growing menace of cybercrime and the increasing sophistication of these cyber adversaries.
ShinyHunters’ Sophistication and Recent Activities
ShinyHunters is no stranger to the hacking and cybercrime world. The group is known for its high-profile data breaches and is also the owner and administrator of Breach Forums, a notorious platform for cybercrime activities.
Despite the FBI’s recent efforts to shut down the forum, ShinyHunters managed to reclaim the seized domain, showcasing their technical prowess and resilience against law enforcement actions. This, as reported by Hackread.com, not only resulted in the return of Breach Forums to the dark web but also saw its revival on the clearnet, using the original domain.
Communication and Response
In an exclusive communication with Hackread.com, ShinyHunters revealed that they have attempted to contact Ticketmaster regarding the breach but have yet to receive a response. Hackread.com has reached out to Ticketmaster for a comment, and the article will be updated with any responses or official statements from the company.
Oded Vanunu, Chief Technologist and Head of Products Vulnerability Research at Check Point commented on the issue stating, “The proof provided by the seller on the infamous BreachForum website appears legitimate, although it is yet to be validated. If the information is genuine, this is a huge cache of personal data on more than 560 million worldwide customers.”
“With this, cybercriminals can commit identity theft and financial fraud, launch phishing attacks or take over online accounts. They may also use the data for blackmail, extortion, medical identity theft or credential stuffing which could lead to significant financial losses for customers, damage to credit scores, and an erosion of trust,” Vanunu warned.
“Despite the best efforts by international law enforcement to seize control of BreachForum, the platform continues to re-emerge and aid those looking to buy and sell illicit information. Its bounce-back serves as a reminder of how resilient cybercriminals are, and why we as an industry need to keep pace with them to stop the extraction and trading of sensitive data,” he added.
A Troubled Cybersecurity Past
This isn’t Ticketmaster’s first encounter with cybersecurity issues. On January 26, 2023, the company admitted that ticket sales for Taylor Swift’s concerts were disrupted by a bot-driven attack, highlighting vulnerabilities in their ticketing system.
Furthermore, back in January 2021, Ticketmaster was found guilty of hacking into a rival company, Songkick, to obtain confidential information. This criminal activity led to a $10 million settlement paid to the victim company.
That’s not all. Last week, on Thursday, May 23, 2024, the US Justice Department (DoJ) sued Live Nation-Ticketmaster for monopolizing markets across the live concert industry. The lawsuit highlights a pattern of cybersecurity and ethical challenges faced by Ticketmaster over the years.
Users are advised to monitor their financial accounts closely, change passwords, and remain alert about potential phishing attempts. Companies like Ticketmaster must prioritize transparency and swift communication with their users to mitigate the damage and restore trust.
This article has been updated with new information including acknowledgment from Ticketmaster.
