Everything You Should Know About the Ticketmaster Data Breach
- Martina
- 29 July 2024, Monday
Following numerous reports, Ticketmaster has finally confirmed its involvement in a major data breach affecting users across North America. Starting the second week of July, the ticketing company notified users that their personal information might have been accessed and stolen by the ShinyHunters hacking group. Let's explore the full details of the ongoing controversy in the article!
Challenges Mount for Live Nation and Ticketmaster
Things are simply not going well for the Live Nation Entertainment conglomerate and its subsidiary Ticketmaster. Back in May 2024, the U.S. Justice Department (DOJ) initiated legal action against both companies for violating federal and state laws related to "antitrust, competition, unlawful or unfair business practices, restraint of trade, and other causes of action."
The lawsuit marks an endgame to Ticketmaster's 2022 ticketing debacle, which affected ticket sales for the American leg of Taylor Swift's Eras Tour. Already then, the company's fiasco led to several fans filing lawsuits against the platform over price fixing, fraud, antitrust, intentional deception, and other violations.
Both Live Nation and Ticketmaster have denied guilt, attributing the lawsuit to competitors who try to limit competition and ticket brokers who want to continue "jacking up the prices."
ShinyHunters claim: over 1.3TB of data stolen
Now, just a month after the DOJ lawsuit, Ticketmaster is facing another significant issue. In recent emails sent to its customers, the company confirmed a massive breach of its data. In the notice, Ticketmaster says that "an unauthorized third party obtained information from a cloud database hosted by a third-party data services provider" between April 2 and May 18, 2024.
Information about the breach first surfaced at the end of May 2024. In a post published on the cybercrime platform Breach Forums, the notorious ShinyHunters hacking group claimed to have stolen the personal data of 560 million users across the USA, Canada, and Mexico. This reportedly amounts to 1.3 terabytes of data. An investigation revealed that the hackers accessed data by stealing the login details from Snowflake, the company managing Ticketmaster's cloud storage account.
As reported by Hackread, ShinyHunters has allegedly accessed a "treasure trove" of sensitive user information, including their full names, addresses, email addresses, phone numbers, ticket sales details, event information, and order details. They have also obtained partial card payment data, including customer names, the last four digits of their card numbers, the expiration dates, and even customer fraud details. As a cherry on top, the hacker group has put all the data up for sale with an initial asking price of $500,000.
While Ticketmaster acknowledged the breach, validating ShinyHunters' post and Hackread's initial report, it denied that the cyberattack would materially impact its business operations. The company also said it was cooperating with law enforcement and taking steps to mitigate any risk to its users.
ShinyHunters leak 440K Taylor Swift's Eras Tour ticket data
In early July, new details emerged indicating that the breach was much bigger than anticipated. Just in time for the annual Independence Day celebrations, ShinyHunters claimed to have stolen a total of 193 million ticketing barcodes. These include 440,000 Taylor Swift Eras Tour tickets, valued at $22 billion.
In yet another thread on Breach Forums, titled "Ticketmaster event barcodes 'Taylor Swift' pt 1/65000," the group suggested that Swift would be "performing in front of the congress" instead of her tour, indicating the breach's far-reaching consequences and public exposure.
Additionally, ShinyHunters alleged that Live Nation originally offered to pay $1 million to keep the breach hidden from the public, with the hackers originally accepting the offer. However, after processing the data, they decided to increase their ransom ask to $8 million. They justified this increase by claiming they had found ways to make the breach more expensive and complicated for the affected company.
"Due to the nature of company ending exfil event after the crosswalk, [we] no longer accept $1M as we found out how to make way more expensive and insurance surely accepts this; we restart negotiations at $8M let the negotiator and insurance now. Otherwise for buyers $8M and you're going first."
The hacking group has also revealed the extensive nature of their actions in this post, claiming to have gained access to:
680M orders details,
980M sales orders,
1.2 billion party lookup records,
Patron table,
400M encrypted credit card details with partial information,
560M AVS (Address Verification System) detail records,
4M encased and de-duped records, and
440M unique email addresses.
They didn't forget to celebrate their achievements, claiming their attack to be the largest publicly disclosed non-scrape breach of customer PII (Personally Identifiable Information) to date.
Was Ticketmaster hacked by two different groups?
Following ShinyHunters' post, another Breach Forum user who goes under the name "Sp1d3rHunters" shared a new listing of 170,000 leaked Taylor Swift's Eras Tour ticket barcodes. They demand a $2 million ransom and threaten to leak the information of 680 million users and 30 million more event barcodes to more Taylor Swift events, P!nk, Sting, F1 Formula Racing, NFL, and thousands more entertainment events.
While "Sp1d3rHunters" are believed to be related to the original group of hackers, this information has yet to be validated. In the worst-case scenario, Ticketmaster has been hacked and is now being blackmailed by two separate hacking groups. Another, more likely, possibility is that the hackers are trying to get as much money from the data breach as possible.
As of the time of writing, the thread published by ShinyHunters is no longer available. The only listing of breached customer data from Ticketmaster on the forums is the one published by Sp1d3rHunters requesting the $2 million ransom.
Ticketmaster's digital ticket security. What about physical tickets?
Ticketmaster didn't take long to react to the threats made by the hacking group(s), asserting that no ticket information had been stolen. The company's statement revealed that its SafeTix technology prevents ticket theft by automatically refreshing the barcodes "every few seconds." "This is just one of many fraud protections we implement to keep tickets safe and unassailable," the company alleges.
Ticketmaster also denied any involvement in ransom negotiations, stating that, "Some outlets are inaccurately reporting about a ransom offer. We were never engaged for a ransom and did not offer them money."
However, the accuracy of Ticketmaster's statement is now being challenged by both Hackread and the hacker group Sp1d3rHunters. In a follow-up thread, Sp1d3rHunters pointed out that Ticketmaster's comments do not address physical tickets.
"Our Response: Ticketmaster lies to the public and says barcodes can not be used," reads Sp1d3rHunters' statement. "Tickets database includes both online and physical ticket types. Physical ticket types are Ticketfast, e-ticket, and mail. These are printed and can not be automatically refreshed."
Sp1d3rHunters further emphasized their point by issuing a ransom demand: "To Ticketmaster: Ticketfast is [the] smallest number of printable tickets," a separate ransom demand reads. "You now have to reset 30k more tickets. Pay us $2million or we will leak the Mail and E-ticket barcodes for all your events." With the demand, they also published "4-Step Guide to make your own Tickfast [sic] event PDFs with TM's official ticket guide."
In addition, on July 12, the hackers leaked another 10 million reportedly "un-refreshable" tickets (mail and E-tickets) to events and concerts featuring stars like Pearl Jam, Jennifer Lopez, Foo Fighters, Hozier, Rolling Stones, and Taylor Swift.
Class action lawsuit filed against Ticketmaster and Live Nation
Amid the ongoing controversy and investigations, Ticketmaster is already facing severe consequences. In May, two California residents filed a nearly 40-page class action lawsuit in California's Central District Court over the data breach. The plaintiffs allege that both Live Nation and Ticketmaster failed to adequately secure their personal information, including full names, addresses, email addresses, partial payment card information, and more.
The lawsuit accuses Ticketmaster of negligence, breach and fiduciary duty, and other failings, citing the company's inability "to implement and follow even the most basic security procedures."
According to the plaintiffs, the 560 million individuals affected by the breach will face long-term repercussions, including an "increased risk of identity theft, and will consequentially have to spend, and will continue to spend, significant time and money to protect themselves." The legal text also emphasizes the potential "emotional pain and mental anguish and embarrassment" that the victims may experience.
Overall, the submitted suit seeks to establish a nationwide class for all U.S. residents whose information was reportedly lifted and a subclass for California residents.
What's next?
The ongoing situation is far from resolved, with police investigating the identities of ShinyHunters and Sp1d3rHunters hackers and Ticketmaster working to mitigate the impacts on its users. Given the hackers' past actions, more leaks and ransom demands are likely to be published. Regardless of the cyberattack's severity, Live Nation and Ticketmaster may have to prepare for multiple lengthy and potentially hefty lawsuits.
It is also likely that the controversy will have long-term repercussions for both companies, affecting their reputation and influence in the ticketing industry. However, the full extent of these consequences has yet to be analyzed and revealed. Questions arise: Will artists and major labels distance themselves from Ticketmaster and Live Nation? Could this situation fundamentally destabilize the companies? We will have to wait and see!