Ticketmaster is believed to have had its IT breached by cybercriminals who claim to have stolen 1.3TB of data on 560 million of the corporation’s customers – and are now selling all that info for $500,000.
On Wednesday, Australia’s Department of Home Affairs told The Register that government, at least, is “aware of a cyber incident impacting Ticketmaster,” and that the “National Office of Cyber Security is engaging with Ticketmaster to understand the incident.”
The records allegedly swiped from Ticketmaster include customers’ names, email addresses, phone numbers, and physical addresses, as well as order info and credit card details — specifically, the last four digits of the cards plus names and expiration dates.
California-based Ticketmaster did not respond to The Register‘s inquiries about the claimed security breach, including when the data would have been stolen — and what, if anything, happened in the claimed heist and its aftermath.
ShinyHunters, the miscreants who boasted of pilfering the Ticketmaster files, are now peddling it all on an underworld forum, and list “customer fraud details” and “much more” included in the one-time six-figure sale price for the data. To be clear: The Register has not verified the alleged customer database dump.
“Whether the dataset is real and, if it is, where and when it was obtained are both unclear,” noted Emsisoft threat analyst Brett Callow, who posted a screenshot of ShinyHunters’ for-sale notice on Tuesday. This was before the Australian government confirmed there was at least a “cyber incident” affecting Ticketmaster.
The purported Ticketmaster data was put up for sale on Tuesday on the now-revived BreachForums, which declares the ShinyHunters crew as its administrator.
ShinyHunters was one of two previous BreachForums administrators, before police shut down an earlier incarnation of the notorious marketplace for stolen data and reportedly cuffed the other suspected admin two weeks ago. ShinyHunters told DataBreaches it did contact Ticketmaster before offering the customer data for sale, and claimed the biz never opened the message nor responded to it.
This is the same crew of miscreants who bragged about stealing private info belonging to 70 million AT&T customers in August 2021 before trying to sell it for $1 million.
If it’s legit, the Ticketmaster data dump comes at an especially bad time for the corporation, which is owned by Live Nation Entertainment.
Last week, the US Department of Justice along with 30 state and district attorneys general, sued the entertainment giant for its allegedly anti-competitive business practices, and “monopolistic control over the live events industry.”
Plus, fans are still unhappy with the ticket giant over last November’s bot fiasco, which broke the Ticketmaster website and forced it to cancel its general sale of Taylor Swift concert tickets. The Swifties were not pleased.
Ani Chaudhuri, co-founder and CEO of data security firm Dasera, told The Register the long-term impact to Ticketmaster’s reputation and customer trust could be “profound,” following the latest breach accusations.
“To regain credibility, Ticketmaster should be transparent about the breach, its impact, and the steps to prevent future incidents,” Chaudhuri said, suggesting a full-blown review and overhaul of its security infrastructure. ®