Ticketmaster owner Live Nation has confirmed “unauthorized activity” on its database after a group of hackers claimed they had stolen the personal information of 560 million customers.
ShinyHunters, the group claiming responsibility for the breach, said the stolen data included the names, addresses, phone numbers and partial credit card details of Ticketmaster users worldwide.
The hacking group reportedly demanded a $500,000 (£400,000) ransom to prevent the data from being sold to other parties.
Live Nation said in a filing with the U.S. Securities and Exchange Commission that it is investigating a “criminal threat actor selling what it claims are the company’s user data via the dark web” on May 27.
Live Nation has not yet confirmed the number of customers affected by the data breach.
The hackers first disclosed the Ticketmaster data breach in a job ad late Wednesday. Ticketmaster declined to confirm the breach to reporters or customers, but notified shareholders late Friday.
The Australian government said it was working with Ticketmaster to resolve the issue. A spokesman for the US Embassy in Canberra told AFP the FBI had also offered to help.
An FBI spokesman told the BBC that “the bureau has no comment on this matter”.
Live Nation said in the filing that it is working to “mitigate customer risk” and is in the process of notifying users of the unauthorized access to their personal information.
“As of the date of this filing, this incident has not had, and we believe is unlikely to have, a material impact on our overall business operations, financial condition or results of operations. We continue to assess the risks and take ongoing remedial actions,” the company added.
Ticketmaster is one of the world’s largest online ticketing platforms. The hack is the largest in history, but it is not clear how sensitive the data was in the hands of the cyber criminals.
The researchers also warned that this was part of a larger hack involving a cloud service provider called Snowflake, which many large companies use to store data in the cloud. Snowflake notified customers that there had been an increase in cyber threat activity targeting some of its customer accounts.
On Friday, Santander confirmed that the data of around 30 million customers had been stolen and that the data was being sold by the same hacker group that hacked Ticketmaster. Santander added that “no UK customer data was affected or lost in the attack”.
It is believed that these hacks are all connected and that many other hacks may become public.
An ad containing some samples of data allegedly obtained in the breach was posted on the BreachForums website, a recently relaunched hacker forum on the dark web where other hackers buy and sell stolen material and information used to carry out hacking attacks.
ShinyHunters has been linked to a number of high-profile data breaches, resulting in millions of dollars in losses for the companies involved.
In 2021, the group sold a real database of 70 million customer information stolen from the American telecommunications company AT&T.
Last September, the data of nearly 200,000 Pizza Hut customers in Australia was compromised.
According to tech media reports, the FBI cracked down on the domain in March 2023 and arrested its administrator Conor Brian Fitzpatrick, but the domain reappeared.
Users of hacker forums often exaggerate the scale of their hacks to attract the attention of other hackers.
They are often where large stolen databases first appear, but can also contain false accusations and claims.
Large amounts of data reported by individuals in the past have been shown to be information copied from previous hacks, rather than newly stolen information.
If the data hack is as severe as ShinyHunters claims, it could be the worst data breach ever in terms of the amount and scope of data stolen.
This isn’t the first time Ticketmaster has had security issues.
In 2020, the company admitted to hacking into the network of one of its competitors and agreed to pay a $10 million fine.
The site was allegedly hit by a cyberattack in November last year, causing problems with ticket sales for Taylor Swift’s “Era” tour.
Earlier this month, US regulators sued Live Nation, accusing the entertainment giant of using illegal tactics to maintain a monopoly over the live music industry.
The Justice Department lawsuit said the company’s practices squeezed out competitors, led to higher fares and worse customer service.
What to do if you are worried you have been affected
Experts say if you think you might be a victim, it’s important not to panic but to remain vigilant.
Be wary of fake emails, messages and phone calls – hackers sometimes use details they have on their victims to trick them into revealing more information.
In some cases, scammers may try to exploit the fear caused by a hacking attack to try to convince you to share information.
Be especially wary of:
- Official-looking messages, such as “Reset password,” “Compensation received,” “Device scanned,” or “Missed delivery”
- Emails are filled with “tech jargon” designed to sound more convincing
- Being urged to take action immediately or within a limited time
In 2018, some of Ticketmaster’s customer information was hacked, and British officials also advised users to keep a close eye on their financial accounts for suspicious activity. They also recommended changing passwords for Ticketmaster and other websites where the same password is used.
