Ticketmaster Hack Ticks Off 560M Customers in 1.3TB Breach
The AWS instance was penetrated by unknown perps; “ShinyHunters,” selling stolen data on their behalf.
As we reported yesterday, hackers breached Ticketmaster and stole half a billion records of personal information. Now we know that independent researchers have verified the leaked data, which has been priced at a half-million dollar ransom.
The tale also highlights the return of the notorious BreachForums despite the FBI’s best efforts. In today’s SB Blogwatch, here’s what we know now and what people are saying.
Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Canary Wharf.
Hidden 5% Fee Added to Ransom
What’s the craic? Nathan Eddy reports: Ticketmaster Hacked
“Massive data breach”
The threat group ShinyHunters claims to have captured 1.3 terabytes of Ticketmaster customer data. … The group is threatening to release the personal data unless a ransom of $500,000 is paid. … ShinyHunters is run by one of the administrators of the notorious hacker forum BreachForums and has been linked to numerous high-profile hacking incidents in the past.
…
Ticketmaster is far from the only major corporation to suffer from a massive data breach—although the 560 million customers impacted places it comfortably in the upper echelons of the largest data breaches of all time. [But] Ticketmaster is the company customers love to hate, thanks to its high service fees, customer service issues, a monopoly stranglehold on the market, bots scooping Swiftie tickets, a general lack of transparency—oh, and dynamic pricing.
Who broke the story? Dr. Dissent Doe did: Ticketmaster’s terrible, horrible, no good, very bad week just got worse
“ShinyHunters”
On May 23, the U.S. Department of Justice, joined by 29 state attorneys general and the District of Columbia, sued Live Nation Entertainment and … subsidiary Ticketmaster for violating the Sherman Antitrust Act. … Consumers may fume when they read that … Ticketmaster has allegedly been hacked and what is claimed to be customer data has been put up for sale.
…
ShinyHunters … declined to answer questions about when and how Ticketmaster was compromised and whether he still had access. But he did answer [my] question about attempts to contact Ticketmaster: He claims he did contact them, but they never even opened his message.
But wasn’t ShinyHunters’ forum seized by the feds? Waqas Ahmed explains: 560M Users’ Info for Sale
“Prioritize transparency”
Despite the FBI’s recent efforts to shut down [BreachForums], ShinyHunters managed to reclaim the seized domain, showcasing their technical prowess and resilience against law enforcement actions. … ShinyHunters has allegedly accessed a treasure trove of sensitive user information, including full names, addresses, email addresses, phone numbers, ticket sales and event details, order information, … the last four digits of card numbers, expiration dates, and even customer fraud details.
…
[This] could have severe implications for the affected users, leading to potential identity theft, financial fraud, and further cyber attacks. … Users are advised to monitor their financial accounts closely, change passwords, and remain alert about potential phishing attempts. Companies like Ticketmaster must prioritize transparency and swift communication with their users to mitigate the damage and restore trust.
Has it been independently confirmed? A few hours ago, vx-underground Xeeted (or whatever it is we say now):
Today we spoke with multiple individuals privy to and involved in the alleged TicketMaster breach. … Sometime in April an unidentified Threat Group was able to get access to TicketMaster AWS instances by pivoting from a Managed Service Provider. [It] was not performed by ShinyHunters group: ShinyHunters is the individual [who] posted the auction of the data—they are acting as a proxy.
…
We can assert with a high degree of confidence the data is legitimate. Date ranges in the database appear to go as far back as 2011. However, some dates show information from the mid-2000’s. … The most recent transaction data we can find is from March 10th, 2024.
Plenty have mixed feeling about this story. bartread for instance:
On one hand, yes, there’s a certain amount of schadenfreude here, because I have on multiple occasions been more or less annoyed by Ticketmaster. On the other hand, … I’ve used them quite a lot — because for many events, what other choice is there?
I can’t say I’m terribly happy that my personal information has been so thoroughly exposed via this hack. And I’m more than a bit frustrated that Ticketmaster/Live Nation have been so careless and sloppy with their security.
Can we at least stop worrying about the card info? Mike 137 thinks so:
The last four digits: … That means the last three digits of the (at least seven digit) account number and the checksum digit. So even supposing that the card issuer could be identified or inferred, it’s still relatively hard to make fraudulent use of that information in the presence of adequate fraud monitoring.
On the other hand, one of my cards was compromised from South America a few years back, apparently by pure numeric trial and error. … But the bank did pick them up quite swiftly. However, the entire card number system is a somewhat fragile legacy of pre-internet slow computer days, and should ideally be revised.
What are you gonna do about it? That’s what dohzer’s wondering:
That’s the final straw. For all future ticket purchases, I’m switching from Ticketmaster to… oh… wait…
And now I know who you are. It wasn’t that hard, e____g figured you out:
My thoughts and prayers for the Nickelback fans outed by this breach.
Meanwhile, the “Australian Onion” scribbler Andrew Peters brings this gem of a headline:
Ticketmaster Hacker Demands $500K Ransom (Plus $300K Ransom Processing Fee, $220K Ransom Handling Fee).
And Finally:
Frankie “narcissistic spirit guide” McNamara points his shtick at London’s financial district
You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites—so you don’t have to. Hate mail may be directed to @RiCHi, @richij, @[email protected], @richi.bsky.social or [email protected]. Ask your doctor before reading. Your mileage may vary. Past performance is no guarantee of future results. Do not stare into laser with remaining eye. E&OE. 30.
Image sauce: Marcin Wichary (cc:by; leveled and cropped)
