Ticketmaster breached: data of over 500 million users allegedly put up for sale online

Advertisement

Ticketmaster has reportedly experienced a massive data breach, resulting in the exposure of sensitive information on hundreds of millions of users. According to a report from Hackread, the hacking group ShinyHunters published a 1.3TB database containing compromised customer data on the newly-reopened BreachForums, a notorious underground hacking forum.

The database reportedly includes sensitive information on 560 million users, such as:

  • Names
  • Postal addresses
  • Email addresses
  • Phone numbers
  • Ticket sales and event details
  • Order information
  • Partial payment card data (cardholder names, last four digits of the cards, expiration dates, and some customer fraud details)

The hacking group is demanding $500,000 for the database. Before making the database available for sale, ShinyHunters allegedly attempted to extort Ticketmaster-Live Nation but received no response from the company.

The timing of the leak is particularly notable as it coincides with the recent relaunch of BreachForums. The forum had been seized by the FBI, and one of its key administrators, known as Baphomet, was reportedly arrested. ShinyHunters, who have claimed to be beyond the FBI’s reach, were involved in the forum’s reestablishment.

This leak appears to serve as a publicity stunt to attract attention to the revived BreachForums and to entice hackers to join the forum. For those with the financial means, the $500,000 price tag for the database could be considered a worthwhile investment. The data could be utilized for various malicious activities, including phishing attacks, identity theft, and other forms of cybercrime, potentially generating significant profits for the buyers.

In light of this breach, affected users are advised to:

  1. Monitor their financial accounts for any suspicious activity.
  2. Be cautious of phishing attempts and unsolicited communications.
  3. Consider utilizing credit monitoring services to safeguard against identity theft.

Ticketmaster has yet to issue a public statement regarding the breach and the steps they are taking to mitigate the damage and protect their users.