Ticketmaster confirms data breach in cyber security attack

Hacker group ShinyHunters believed to have been behind the leak

Ticketmaster: Hackers steal details of more than half a billion customers. Photograph: Paul Sakuma/AP
Ticketmaster: Hackers steal details of more than half a billion customers. Photograph: Paul Sakuma/AP

Ticketmaster confirmed in a federal filing Friday that it was investigating a data breach after a hacking group known as ShinyHunters claimed responsibility for stealing the information of more than 500 million Ticketmaster customers.

In the filing, with the US securities and exchange commission, Ticketmaster’s parent company, Live Nation Entertainment, said it had “identified unauthorised activity within a third-party cloud database environment”.

Who is behind the breach?

ShinyHunters, a hacker group believed to have been formed around 2020, is believed to have been behind the breach.

READ MORE

Brett Callow, a threat analyst with the cybersecurity company Emsisoft, said it was a “credible threat actor,” though not much more was known about the group.

Its chief aim appears to be to obtain personal records and sell them.

Its past victims have included Microsoft and AT&T, among dozens of other companies in the United States and elsewhere, according to federal prosecutors.

In March, AT&T confirmed a breach in a news release and said it had affected roughly 70 million past or present customers.

In January, the US department of justice announced that a 22-year-old member of ShinyHunters – a French citizen named Sebastien Raoult – had been sentenced to three years in prison and ordered to pay more than $5 million in restitution for conspiracy to commit wire fraud and aggravated identity theft.

Who was affected in the Ticketmaster breach?

The hack was first revealed on a May 28th post on a forum called BreachForums.

According to a screenshot of the post shared by Mr Callow, the group posted that it had the identifying information of 560 million Ticketmaster customers, including credit card numbers and ticket sales.

The group listed its asking price for the data – said to be 1.3 terabytes in size – to be $500,000.

It was not immediately clear when the breach had occurred.

According to Ticketmaster’s public filing, the company first identified “unauthorised activity” on May 20th.

“We are working to mitigate risk to our users and the company, and have notified and are co-operating with law enforcement,” the filing said. “As appropriate, we are also notifying regulatory authorities and users with respect to unauthorised access to personal information.”

The FBI did not respond to a request for comment Friday. Representatives for Ticketmaster did not respond to a request for additional comment.

In its filing, Live Nation said it did not believe the breach would have “a material impact on our overall business operations or on our financial condition or results of operations”.

I’m a Ticketmaster customer. What should I do to protect myself?

For now, Mr Callow said, it doesn’t appear that customer passwords have been compromised.

But if you do have a Ticketmaster account, you should nonetheless change your password as a precaution, he said.

This is the latest episode to place Ticketmaster under scrutiny.

The Justice Department filed a lawsuit against Live Nation on May 23rd, calling on a federal court to disband the company over what the government said was the maintenance of an illegally maintained monopoly over the live entertainment industry.

The company has called the government’s accusations “baseless allegations”. – This article originally appeared in The New York Times.

2024 The New York Times Company