The hacker claims to have 30 million Ticketek Entertainment Group customer details for sale and shares the first 1 million Ticketmaster users for free.
A hacker named Sp1d3r made two posts to a popular clear web hacking forum late last week, sharing some of the data stolen in the Ticketmaster and Ticketek hacks earlier this month.
On 20 June, Sp1d3r – who may be linked to the ShinyHunters hacking group – made two posts just hours apart, complaining in the first one that “Ticketmaster will not respond to request to buy data from us”.
“They care not for the privacy of 680 million customers, so give you the first one million users free.”
Included in the post was a short sample set of data, with a large amount of information on each customer. A lot of the data is internal customer management data, such as customer and membership IDs. Still, there are also names, dates of birth, email and IP addresses, credit card type and expiration date, and the last four digits of credit card numbers.
All any forum user needs to do to get access to the full 1-million-person release is to reply to the original forum post, which unlocks a link to the data. There are currently three pages of replies; however, the last post suggests the data is not currently live.
“The link in this thread is dead. Please reply to the PM you were sent to get your thread moved back to the Databases section,” the 20 June post said.
The entire thread is currently in the “Databases Removed Content” section of the forum.
A bit over six hours after the initial post, Sp1d3r posted more data, this time the details of 30 million customers of TEG – the Ticketek Entertainment Group, which is the parent company of Ticketek.
This contains a similar dataset to the Ticketmaster information but without any related credit card data – a small mercy for those impacted. The data does include name, gender, email address, and hashed passwords, as well as customer IDs and other internal details.
Both Ticketmaster – a US ticketing company – and Ticketek confirmed massive data breaches this month, most likely linked to poorly configured instances of Snowflake database servers. Ticketek sent an alert to its customers about the incident on 31 May.
According to the letter, the hack took place on a cloud platform “hosted by a reputable, global third-party supplier”, though Ticketek declined to comment on whether or not that was a Snowflake instance.
“We would like to reassure you that Ticketek has secure encryption methods in place for all passwords and your Ticketek account has not been compromised,” Ticketek said.
Ticketek said that it uses “secure encryption” methods on credit card details and that all transactions are handled by a separate payment system.
“The available evidence at this time indicates that, from a privacy perspective, your name, date of birth, and email address may have been impacted,” Ticketek said at the time.
Cyber Daily has reached out to both Ticketmaster and Ticketek for comment.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.