Alleged Ticketmaster hack breached data of half a billion customers

Ticketmaster is investigating a hacker collective's claim that it obtained the personal data of more than half a billion customers – in what would be the largest security breach ever seen.

Shiny Hunters claimed on the dark web that it had the personal information of 560 million Ticketmaster customers for a one-off sale of $500,000 (£393,000). Names, addresses, emails, phone numbers and the last four digits and expiration date of credit cards are what they claim to be for sale.

He also demanded a ransom so that the data would not be disclosed.

Cybersecurity expert Professor Matthew Warren told the BBC the advice was to never pay a ransom for stolen data, as this could increase the risk of future attacks.

“Once data has been stolen from the organization, there is nothing the organization can do to protect the data. If the organization had encrypted the data, if the data had been stolen, it would have been unusable by the hacker,” he said.

The collective has also been behind other high-profile data breaches, resulting in a loss of millions of dollars for the companies involved.

In 2021, the group sold a database of stolen information to 70 million customers of the American telecommunications company AT&T.

In September last year, almost 200,000 Pizza Hut customers in Australia had their data breached.

This comes after the recent relaunch of BreachForums, a dark web site where other hackers buy and resell stolen hardware.

Although the domain was shut down by the FBI in March 2023, leading to the arrest of its administrator Conor Brian Fitzpatrick, the site has reappeared.

Forum users often exaggerate the extent of their hacking to attract the attention of other hackers.

“If Ticketmaster has suffered a breach of this magnitude, it is important that it notifies its customers, but it is also important to consider that sometimes hackers make false or exaggerated claims regarding data breaches. People should not so do not be overly concerned until a violation is confirmed.” ” security researcher Kevin Beaumont told the BBC.

In 2020, Ticketmaster admitted to hacking one of its rival sites and agreed to pay a $10 million (£7.9 million) fine.

In November, a cyberattack created problems selling tickets for Taylor Swift's Era tour.

Australia's Department of Home Affairs says it is “working with Ticketmaster to understand the incident.” The FBI would also offer its services.

The American site Ticketmaster, one of the largest online ticket sales platforms in the world, has not yet confirmed whether it had suffered a security breach.

The Standard has contacted Ticketmaster and owner Live Nation for comment and is awaiting a response.