Share this article on:
An infamous hacking collective claims to have 1.3 terabytes of customer data stolen from the entertainment giant, as Home Affairs confirms it is on the case.
The ShinyHunters hacking group has shared the details of an alleged hack of Ticketmaster and Live Nation and is selling the data for a one-time price of US$500,000.
The data is for sale on a popular clear web hacking forum, and ShinyHunters claims to have the details of 560 million Ticketmaster customers in 16 different folders and files, each dozens of gigabytes in size.
The hackers also shared a sample of the data, which includes hashed credit card numbers, the last four digits of credit cards, credit card expiration dates, and fraud details, as well as customer names, addresses, and emails.
“560 million customers full details (name, address, email, phone),” ShinyHunters said in its post. “Ticket sales, event information, order details.”
The data was posted overnight on 28 May, but curiously, a second hacker on a different forum – this one Russian – has made an identical post. It is unknown if the second hacker has any links to ShinyHunters.
ShinyHunters has a track record of large-scale data breaches reaching back to May 2022, when it released data belonging to Indonesian e-commerce giant Tokopedia, as well as large volumes of customer data from Microsoft and Wishbone.
In 2022, ShinyHunters leaked the information of 70 million AT&T subscribers, and other victims include Home Chef, Star Tribune, and Pixlr. The group’s leader is also the administrator of the BreachForums hacking community, which was recently resurrected on both the clear and dark webs after being seized by the FBI and a team of international law enforcement agencies, including the Australian Federal Police, in May 2024.
The group is named after the Pokémon video game franchise.
ShinyHunters told Hackread.com that it has attempted to contact Ticketmaster but has not had any luck hearing back from them.
Cyber Daily has reached out to Ticketmaster for comment. It is currently unknown if any Australian Ticketmaster customers have been impacted.
According to the ABC, the Department of Home Affairs is "Working with Ticketmaster to understand the incident".
Even so, Christopher Budd, director, threat research at Sophos, is rightly wary of the data at this stage.
“Right now, since we only have the attackers’ words to go on, it’s too early to make any firm statements about whether there was a breach and what, if any, data was stolen," Budd told Cyber Daily.
"While there allegedly are new data in the dump, there is also older info, meaning it could be a series of concatenated data. Regardless of whether the breach is legitimate, the attackers have been successful in drawing attention to a criminal forum that was recently taken down. As with many take downs like this, we often see the sites rebooted, so organisations should never let their guard down.”
UPDATED 30/05/24 to add Home Affairs statement.
UPDATED 30/05/24 to add Sophos statement.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.