All products are independently selected by our experts. To help us provide free impartial advice, we will earn an affiliate commission if you buy something. Click here to learn more
Account details of half a billion Ticketmaster customers have been stolen in a devastating data breach, hackers claim. Millions of login credentials, including email addresses and payment details, will be sold on the Dark Web if Ticketmaster fails to pay the £400,000 ransom to the hacking group.
A group of hackers operating under the name ShinyHunters have claimed responsibility for the cyber attack. Hackers claim to have gained access to the names, billing addresses, phone numbers, and partial payment details of 560 million of the website’s customers.
The treasure trove of stolen data — totalling a whopping 1.3-terabytes — includes the last four digits of saved credit and debit cards as well as the expiry date.
The records siphoned from California-based Ticketmaster's database go as far back as 2011, The Register has reported. It also claims that authorities in Australia and the United States are actively engaging with Ticketmaster to understand and respond to the incident.
Ticketmaster has not yet publicly confirmed the breach, which follows a similar incident that saw records from 73 million AT&T customers sold on the Dark Web, including full name, email address, home address, phone number, social security number, date of birth, AT&T account number and passcode.
Popular TV platform Roku has also confirmed 576,000 accounts were left in the hands of criminals after suffering a devastating leak within the first few months of the year.
The online ticket sales platform, and its parent company, Live Nation, have been approached for comment. In a filing with the United States Securities and Exchange Commission, Live Nation said it discovered "unauthorised activity" in a third-party cloud database that mainly contained Ticketmaster data, and was working with forensic investigators.
Anthony Young, chief executive of UK cybersecurity firm Bridewell, said the incident should serve as a “wake-up call” to all firms to prioritise data protection in the face of the growing threat of cyber attacks.
“Ticketmaster reportedly falling victim to a data breach highlights the growing threat that large-scale cyber attacks pose to widely-used services,” he said.
“This breach, attributed to a hacker collective demanding a substantial six-figure ransom, signifies severe financial implications for companies. Bridewell’s recent research into critical national infrastructure organisations reveals that the average financial loss from ransomware attacks is nearly £300,000.
“However, the consequences extend beyond monetary loss. Operational disruption affects 42% of businesses, data loss impacts 39%, and reputational damage is a concern for 35% of those surveyed.
“Although Ticketmaster may not be classified as critical national infrastructure, the vast amount of personal data they manage globally has far-reaching implications. With an estimated 560 million people potentially affected, this is a disruptive breach and a stark reminder of the importance of fortifying cyber defences.
“It should be a wake-up call for all organisations to prioritise the protection of their data and systems against such pervasive threats. Especially high-profile organisations with a large number of users and customers, which make significant targets.”
The announcement of the vast haul from Ticketmaster's database comes at an interesting time. Hacking group ShinyHunters confirmed the stolen details on BreachForums — one of the most popular underground forums for hackers. The website was seized by the FBI earlier this year and one of the most prominent administrators, known by the alias Baphomet was purportedly arrested by US law enforcement.
With BreachForums now relaunched, the high-profile hack of half a billion Ticketmaster accounts has provided a headline-grabbing advertisement for the return of the shady forum.
A ransom of £400,000 for data that doesn't even include passwords or complete credit card numbers might sound too much, but hackers can leverage the amount of data allegedly included in the haul from Ticketmaster to launch a wave of attacks, including phishing attempts, identity theft, and social engineering.
If successful, these ploys could rake in the millions of dollars.
- View Deal | 24/7 Dark Web checks for data breaches — with 2 months FREE
- View Deal | Get started with password manager 1Password for FREE
It's been a rough few weeks for Ticketmaster and parent company Live Nation.
The US Justice Department, partnered with a group of 30 US States and the District of Columbia, filed a lawsuit to break up Live Nation in late May — arguing the concert promoter and its Ticketmaster unit illegally inflated concert ticket prices and hurt artists.
Politicians, concert fans and experts have called on authorities in the United States to reconsider investigating the 2010 merger of Live Nation Entertainment and Ticketmaster following the botched ticket sales of Taylor Swift's blockbuster Eras concert tour.
Ticketmaster merged with Live Nation back in 2010 to form a single company that handles ticket services, artist management, concert promotion, and venue ownership
REUTERS
For those who missed it, the immense demand for presale tickets to the United States leg of the Eras tour caused Ticketmaster to crash, forcing the company to cancel the sale completely. The fiasco drew the ire of Taylor Swift herself, who called it “excruciating” to watch. Ticketmaster apologised for the incident and launched a second opportunity for fans to snag the missed tickets.
For the UK and European legs of the Eras tour, which is now available to stream exclusively on Disney+, Ticketmaster introduced a number of additional hoops for fans to jump through in a bid to reduce the amount of traffic hitting its servers when tickets became available. It also staggered the ticket sales for different gigs.
Additional Reporting By Martyn Landi, PA Technology Correspondent