Ticketmaster Hack: Personal Data of 560 Million Customers Potentially Compromised

Ticketmaster’s parent company, Live Nation, has confirmed “unauthorised activity” on its database following claims by the hacking group ShinyHunters that they have stolen the personal details of 560 million customers.

The compromised data reportedly includes names, addresses, phone numbers, and partial credit card details of Ticketmaster users worldwide.

ShinyHunters, the group behind the breach, is demanding a $500,000 (£400,000) ransom to prevent the data from being sold. Live Nation disclosed the incident in a filing to the US Securities and Exchange Commission, stating that on 27 May, “a criminal threat actor offered what it alleged to be Company user data for sale via the dark web”. The company is currently investigating the breach.

While the exact number of affected customers has not been confirmed by Live Nation, the breach was first revealed when hackers advertised the stolen data on Wednesday evening. Despite initial reluctance to confirm the breach to reporters or customers, Ticketmaster notified shareholders late on Friday.

Both the Australian government and the FBI are involved in addressing the issue. A spokesperson for the FBI has declined to comment on the matter.

In its SEC filing, Live Nation assured that it is working to “mitigate risk” to its customers and is notifying users about the unauthorised access to their personal information. The company stated that the incident is not expected to have a material impact on its overall business operations or financial condition.

Ticketmaster, one of the world’s largest online ticket sales platforms, is facing one of the largest data breaches in history. The sensitivity of the data in the hands of cyber criminals remains unclear. This breach is part of a broader hacking campaign involving a cloud service provider called Snowflake, which has alerted its customers to increased cyber threat activity.

In a related incident, Santander confirmed that data from an estimated 30 million customers was stolen and is being sold by the same hacking group. The bank clarified that UK customer data was not affected.

The hacking forum BreachForums, where the stolen data has been advertised, is a notorious site on the dark web for trading stolen information. ShinyHunters has a history of high-profile data breaches, including the sale of data from 70 million AT&T customers and a breach affecting nearly 200,000 Pizza Hut customers in Australia.

The FBI previously shut down BreachForums in March 2023, arresting its administrator, Conor Brian Fitzpatrick. However, the forum has since resurfaced.

The scale of the Ticketmaster breach, if confirmed, could mark it as one of the most significant data breaches ever, both in terms of the number of affected individuals and the extent of the data stolen. This is not the first security issue for Ticketmaster, which faced a $10 million fine in 2020 for hacking into a competitor’s system and experienced a cyber attack in November that disrupted ticket sales for Taylor Swift’s Era’s tour.

Adding to its woes, Live Nation is currently facing a lawsuit from US regulators accusing it of monopolistic practices in the live music industry, leading to higher ticket prices and poorer service for customers.

As the investigation continues, affected customers are advised to remain vigilant for any signs of fraudulent activity and to monitor communications from Ticketmaster and Live Nation for updates on the breach and protective measures being implemented.