To its critics, it seems Ticketmaster may be experiencing some karma lately for years of being the bane of concertgoers’ existence. Unfortunately its latest hassle — a massive data leak — also negatively impacts consumers.
Just last week, the U.S. Justice Department filed an antitrust lawsuit against the ticketing conglomerate. The DOJ is seeking to break up the alleged monopoly its parent company, Live Nation Entertainment, holds over the live music and entertainment industry – potentially a good thing for consumers.
But Amid this nightmare for the company, a hacker group is now claiming to have stolen more than 500 million Ticketmaster customers’ data in an attack.
Originally reported by cybersecurity outlets like Hackread and Cyber Daily, The “notorious hacker group” ShinyHunters is claiming responsibility for the breach affecting roughly 560 million Ticketmaster customers. The hacker group is selling the 1.3 terabyte-sized trove of data for a one-time price of $500,000 on a popular hacking forum.
What Ticketmaster data was stolen?
According to ShinyHunters, this is an immense trove of sensitive user data.
The group allegedly has Ticketmaster customers’ full names, addresses, phone numbers, email addresses, and order history information including ticket purchase details and Ticketmaster event information.
Mashable Light Speed
In addition, hackers also allegedly have customers’ partial payment data which includes names, the last four digits of their credit card numbers, and card expiration dates.
Again, this sensitive data is connected to roughly half a billion users.
Mashable has reached out to Ticketmaster and will update this piece when we hear back.
How did this happen?
As of the publishing of this article, it’s unclear exactly how ShinyHunters carried out its attack. Ticketmaster has yet to comment on the situation or corroborate the hackers’ claims.
However, Australia’s Home Affairs Department has confirmed a “cyber incident impacting Ticketmaster customers.” Due to the time frame in which the hackers shared their breach, it appears Australian outlets were the first to cover the news.
Ticketmaster has struggled with bad actors online using bots and other methods to disrupt the ticketing service and scoop up tickets to resell. The company also has a history of being the bad actor itself when it comes to electronic data. In 2020, the company agreed to pay $10 million to rival ticketing company SongKick after individuals on Ticketmaster’s payroll obtained login credentials and gained unauthorized access to its competitors’ computers.
As for ShinyHunters, Mashable has had a prior run-in with the hacker group as the company was once a victim of its attacks in 2020. ShinyHunters was able to breach a database connected to a since-disabled Mashable feature that allowed readers to login to the site with their social media accounts from services like Facebook. The stolen data included information like email addresses but did not include more sensitive data like passwords or financial details.
According to ShinyHunters, the group attempted to contact Ticketmaster about the breach but have yet to receive a response.