Potential Security Flaw at Ticketmaster Risks Data of Over 560 Million Patrons

Concertgoers regularly complain about Ticketmaster’s hidden fees and alleged monopolistic behavior. Unfortunately, we just found a new reason to be upset with Ticketmaster—hackers claim to have breached the vendor and are now selling the names, addresses, and partial payment details of over 500,000,000 customers.

We usually learn of a data breach after it’s been formally announced by the affected company. In this case, news of the data breach comes from Hackread , a cybersecurity publication that discovered a listing for stolen Ticketmaster data on the recently-reopened BreachForums cybercriminal bazaar. (The Australian Department of Home Affairs says that it’s “working with Ticketmaster to understand the incident,” so despite Ticketmaster’s tight-lipped approach, we’re operating under the assumption that this incident is real.)

The BreachForums listing, which was created by a hacker group named ShinyHunters, describes a 1.3 TB database containing the private information of 560 million Ticketmaster customers. ShinyHunters wants to sell the data for $500,000—a bargain, all things considered.

While we can’t verify any of ShinyHunters’ claims, the group told Hackread that it tried to sell the stolen data back to Ticketmaster before throwing everything up for sale on BreachForums. Evidently, Ticketmaster failed to respond to this extortion attempt, and it’s unclear whether ShinyHunters is looking for a new buyer or simply placing pressure on its victim.

And, interestingly, this stunt may be more about notoriety than money. BreachForums, which is partially operated by ShinyHunters, was shut down by the FBI just two weeks ago. Now, it’s been revived with a listing that could potentially affect half a billion people. ShinyHunters is effectively giving a middle-finger to the FBI while showing hackers that BreachForums is alive, strong, and potentially untouchable.

The fact that ShinyHunters chose Ticketmaster as its victim also contributes to the “notoriety” narrative. Not only is Ticketmaster despised by every Taylor Swift fan (and many other concertgoers), but its parent company, Live Nation Entertainment, was dragged to court by the DOJ two weeks ago under charges of operating an illegal monopoly. Obviously, Ticketmaster’s customers are the real victims here, but a lot of people will take this opportunity to criticize Ticketmaster and simply gloss over ShinyHunter’s involvement in the breach.

We’re still waiting for Ticketmaster to issue a formal statement. In any case, now’s a good time to log into Ticketmaster and reset your password . You should also check your Ticketmaster billing details to see if any credit cards are saved to your account—call your bank to replace these cards, and consider setting up fraud alerts if you’re concerned about identity theft.

Source: Hackread

Also read: