The Ticketmaster “breach”—what you need to know
Earlier this week, a cybercriminal group posted an alleged database up for sale online which, it says, contains customer and card details of 560 million Live Nation/Ticketmaster users.
The data was offered for sale on one forum under the name “Shiny Hunters”. ShinyHunters is the online handle for a group of notorious cybercriminals associated with numerous data breaches, including the recent AT&T breach.
Post on BreachForums by ShinyHunters
The post says:
“Live Nation / Ticketmaster
Data includes
560 million customer full details (name, address, email, phone)
Ticket sales, event information, order details
CC detail – customer last 4 of card, expiration date
Customer fraud details
Much more
Price is $500k USD. One time sale.”
The same data set was offered for sale in an almost identical post on another forum by someone using the handle SpidermanData. This could be the same person or a member of the ShinyHunters group.
According to news outlet ABC, the Australian Department of Home Affairs said it is aware of a cyber incident impacting Ticketmaster customers and is “working with Ticketmaster to understand the incident.”
Some researchers expressed their doubts about the validity of the data set:
Thoughts on the alleged Ticketmaster Data Breach
TLDR: Alert not Alarmed
The Ticketmaster data breach claim has provided BreachForums with the quick attention they need to boost their user numbers and reputation.
The claim has possibly been over-stated to boost… pic.twitter.com/WJsFkBfQbw
— CyberKnow (@Cyberknow20) May 29, 2024
While others judged it looks legitimate based on conversations with involved individuals, and studying samples of the data set:
Today we spoke with multiple individuals privy to and involved in the alleged TicketMaster breach.
Sometime in April an unidentified Threat Group was able to get access to TicketMaster AWS instances by pivoting from a Managed Service Provider. The TicketMaster breach was not…
— vx-underground (@vxunderground) May 30, 2024
Whether or not the data is real remains to be seen. However, there’s no doubt that scammers will use this opportunity to make a quick profit.
Ticketmaster users will need to be on their guard. Read our tips below for some helpful advice on what to do in the event of a data breach.
You can also check what personal information of yours has already been exposed online with our Digital Footprint portal. Just enter your email address (it’s best to submit the one you most frequently use) to our free Digital Footprint scan and we’ll give you a report.
All parties involved have refrained from any further comments. We’ll keep you posted.
Protecting yourself from a data breach
There are some actions you can take if you are, or suspect you may have been, the victim of a data breach.
Check the vendor’s advice. Every breach is different, so check with the vendor to find out what’s happened, and follow any specific advice they offer.
Change your password. You can make a stolen password useless to thieves by changing it. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you.
Enable two-factor authentication (2FA). If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.
Watch out for fake vendors. The thieves may contact you posing as the vendor. Check the vendor website to see if they are contacting victims, and verify any contacts using a different communication channel.
Take your time. Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.
Set up identity monitoring. Identity monitoring alerts you if your personal information is found being traded illegally online, and helps you recover after.
We don’t just report on threats – we help safeguard your entire digital identity
Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.