Ticketmaster: Data of half a billion customers hacked, report
1.3 TB data trove on sale for $500,000
The personal data of 560 million Ticketmaster customers has allegedly been exposed in a massive data breach.
Hacker group ShinyHunters claimed responsibility for the attack and is selling the data on a hacking forum.
The apparent hack was first reported by CyberDaily, who also published a screenshot of BreachForums, the recently resurrected leak site which the FBI and international law enforcement claimed to have taken down two weeks ago.
The ShinyHunters group says it has obtained full names, addresses, phone numbers, email addresses, ticket purchase details and partial payment data, including the last four digits of credit card numbers and card expiration dates, of up to 560 million people.
ShinyHunters is selling the 1.3 TB trove of data for a one-time price of $500,000.
Australia's Home Affairs Department has confirmed a "cyber incident impacting Ticketmaster customers."
Ticketmaster has yet to issue an official response.
According the website vx-underground, the data appears to be genuine. However, based on conversations with "multiple individuals privy to and involved in the alleged TicketMaster breach" the identity of the hacker may not be.
"The Ticketmaster breach was not performed by ShinyHunters group. ShinyHunters is the individual and/or group which posted the auction of the data, they are acting as a proxy for the Threat Group responsible for the compromise."
The alleged hack comes at a particularly bad time for Ticketmaster. The company is currently facing an antitrust lawsuit from the US Department of Justice. The lawsuit, filed just last week, alleges that Ticketmaster parent company Live Nation Entertainment, holds an effective monopoly over live music sales.
Commenting on the apparent breach, Raghu Nandakumara, head of industry solutions at Illumio, have emphasised the importance of containment: "Customers trust online merchants to look after their data, and an attack like this will have huge ramifications on the company's reputation. It's imperative organisations can see all risks and isolate breaches quickly when they do occur, and this requires a shift away from the traditional 'find and fix' approach to a 'limit and contain' mindset."
Customers whose data has been compromised may be at increased risk of phishing attacks, identity theft and other malicious activities.
This latest security issue adds to a growing list of Ticketmaster controversies, including a $10 million lawsuit in 2020 for hacking into a competitor's site, a £1.25 million fine from the ICO over a payment data breach, and failure to protect against bot attacks, which disrupted high-demand ticket sales.