A group of cybercriminals claims to have stolen personal data belonging to more than… 500 million Ticketmaster customers. Although the ticketing service, owned by Live Nation Entertainment, has not confirmed the attack, security experts warn it could put the platform’s users at risk due to a range of scams.
The hackers, called ShinyHunters, said on an online forum that they had accessed Ticketmaster customer information and that they planned to sell the data. But Jared M. Smith, an engineer at SecurityScorecard, a company that monitors online computer network breaches, cautioned that it remains to be seen whether the theft is real.
He added: “It has not been verified yet. We do not know whether the hackers who published it are making this up or not, and this is something we are waiting for.” “It could be part of a publicity stunt.”
Here’s what to know about what type of data might be exposed, plus how to protect yourself.
What is ShinyHunters?
The hacking group emerged in 2020 and gained attention the following year when it exposed massive troves of customer records from more than 60 companies.
According to the Department of Justice, ShinyHunters stored and sold stolen data on the “dark web,” including customer databases containing personal and financial information. Members of the group also used social media to lure potential buyers for the data, including sometimes notifying media outlets about their exploits and posting photos on a website that appeared to offer stolen material. The targets included a range of companies and millions of consumers.
Sébastien Raoult, a French computer hacker and member of ShinyHunters, was sentenced in January to three years in prison and ordered to pay more than $5 million in restitution after pleading guilty to conspiracy to commit wire fraud and aggravated identity theft.
Experts note that ShinyHunters may not have hacked Ticketmaster, and instead could effectively act as an intermediary by selling customer data. The group’s post said the data was available for purchase for $500,000 in a “one-time sale.”
How many people might be affected?
ShinyHunters said it obtained personal data belonging to 560 million Ticketmaster customers. Although this may rank as one of the largest cyberthefts ever, one expert said that some of the information the group claims to have stolen is likely already publicly available.
“The reality is that there are a lot of records missing, and that sounds really bad. But from a practical standpoint, how many people have information stolen that doesn’t actually exist? A lot of it is public records,” said cybersecurity expert Joseph. Steinberg told CBS MoneyWatch. “From the raw data itself, there is probably a lot less than it seems. Sometimes the numbers dazzle us, but what matters most is the quality of the data and what it means.”
What kind of information was allegedly revealed?
ShinyHunters said it obtained Ticketmaster customers’ full names, addresses, phone numbers, partial credit card details, and order and transaction information.
CBS News reviewed 52 email addresses published by ShinyHunters and found they were linked to individuals in several U.S. states, as well as Canada and New Zealand, CBS News’ Ariel Delzer reported. Several addresses were linked to TicketMaster accounts, while the names of current and former employees of the event platform were also included in the leak.
“It’s a lot of information that you don’t see together very often,” Smith said. Often times, hackers obtain usernames, passwords, and sometimes payment information. But you don’t often see titles and past purchases, and all of that together would make a perfect setup for the group to position sites that look like Ticketmaster’s sales partners to target consumers they know have bought tickets to events before. He told CBS MoneyWatch.
“This hack would target a very easy target audience to trick people into buying fake tickets,” Smith added.
What is Ticketmaster doing about the alleged attack?
Nothing yet. The company did not verify the alleged cyber attack. It did not immediately respond to a request for comment.
The Australian government said on Thursday that it was investigating the hacking group’s allegations. A spokesman for the US Embassy in Canberra told AFP that the Federal Bureau of Investigation had offered assistance to the Australian authorities.
“The Australian government is aware of a cyber incident affecting Ticketmaster,” a spokesperson for the Australian Department of Home Affairs said in a statement to CBS News. “The National Cyber Security Office is cooperating with Ticketmaster to understand the incident.” The department also urged people with “specific questions related to this incident” to contact Ticketmaster.
What should Ticketmaster users do now?
First, and most importantly, consumers should assume they are at risk of being hacked, Steinberg said, stressing that people must have the right mindset. For example, a consumer who believes they are being targeted by hackers will think twice before clicking a link that offers them concert tickets to their favorite band from an unknown entity.
“You have to accept the fact that you are a target,” he said. “People who think they are being targeted behave differently than people who don’t.”
Regarding Ticketmaster, Smith urged consumers not to click on links for concert ticket sales they are not familiar with and to call the service’s support line to verify any offers.
“Someone who doesn’t think they’re being targeted will say, ‘Wow, that’s great,’ without thinking they got the data from the Ticketmaster breach and engineered that through social media,” Steinberg said.
More generally, Steinberg recommended people use two-factor authentication to protect their accounts.
— CBS News’ Arielle Delzer contributed to this report.
“Infuriatingly humble alcohol fanatic. Unapologetic beer practitioner. Analyst.”