Ticketmaster's parent company Live Nation has confirmed "unauthorised activity" on its database, following claims by hacking group ShinyHunters that they have stolen personal details of 560 million customers. This stolen data reportedly includes names, addresses, phone numbers, and partial credit card details of users worldwide.
ShinyHunters, the group responsible for the breach, is demanding a $500,000 (£400,000) ransom to prevent the data from being sold to other parties. Live Nation, in a filing to the US Securities and Exchange Commission, disclosed that on May 27, "a criminal threat actor offered what it alleged to be Company user data for sale via the dark web," and that the company is investigating the matter.
While Live Nation has yet to confirm the number of affected customers, the breach was initially revealed through an online advertisement posted by the hackers. Ticketmaster notified its shareholders late on Friday but has not yet confirmed details to reporters or customers.
The Australian government is collaborating with Ticketmaster to address the issue, and the FBI has offered assistance, though a spokesperson for the FBI told the BBC they had "no comment on this matter."
In its SEC filing, Live Nation stated it was working to "mitigate risk" to its customers and notify them about the unauthorized access to their personal information. "As of the date of this filing, the incident has not had, and we do not believe it is reasonably likely to have, a material impact on our overall business operations or on our financial condition or results of operations. We continue to evaluate the risks and our remediation efforts are ongoing," the filing added.
Ticketmaster, one of the world's largest online ticket sales platforms, is now dealing with one of the biggest hacks in history in terms of global victims. Researchers suggest this breach might be part of a larger ongoing hack involving a cloud service provider called Snowflake. Recently, Santander confirmed that 30 million customer records were stolen by the same hacking group.
ShinyHunters, known for a series of high-profile data breaches, has posted data samples allegedly obtained from the breach on BreachForums, a dark web forum where hackers trade stolen material. This group has previously been linked to significant breaches, including the theft of data from 70 million AT&T customers and nearly 200,000 Pizza Hut customers in Australia.
Experts warn users to be vigilant against potential phishing scams using the stolen data. Sally Vincent, Senior Threat Research Engineer at LogRhythm, stated, "While the absence of full credit card numbers in the stolen data offers some relief, the data published on the BreachForums website will likely be sold to cybercriminals who will use it to conduct targeted phishing scams against the individuals in the database."
Andrew Costis, Chapter Lead of the Adversary Research Team at AttackIQ, emphasized the sophisticated techniques employed by ShinyHunters, noting the importance of robust security measures: "ShinyHunters are well versed in the art of data breaches. They are known for gaining access via Microsoft Office 365, GitHub, obtaining access to valid accounts, as well as exploiting vulnerabilities."
The breach comes amid ongoing legal battles for Live Nation, including a recent federal lawsuit from the Department of Justice accusing the company of using illegal tactics to maintain a monopoly over the live music industry. This hack further underscores the need for stringent cybersecurity measures, particularly in monopolized industries.
In response to the breach, cybersecurity experts advise consumers to watch for suspicious communications and potential phishing attempts. Nick Tausek, Lead Security Automation Architect at Swimlane, highlighted the risks: "The trove of data allegedly accessed by ShinyHunters includes personally identifiable information such as names, emails, addresses and partial payment card details. Such information falling into malicious hands opens the floodgates to potential phishing schemes and identity fraud."
As the investigation continues, Ticketmaster users are urged to remain vigilant and take necessary precautions to protect their personal information. The cybersecurity community stresses the importance of proactive security measures and a security-conscious culture to mitigate the risks of such breaches.