Australia investigating alleged Ticketmaster hack

Australia's Department of Home Affairs says it is working with Ticketmaster after hackers allegedly stole the personal data of more than half a billion customers.

Hacking group ShinyHunters is reportedly demanding a $500,000 (£400,000) ransom be paid to prevent the information from being sold to third parties.

Australia said it was aware of a breach and was “working with Ticketmaster to understand the incident.”

The American site Ticketmaster, one of the largest online ticket sales platforms in the world, has not yet confirmed whether it had suffered a security breach.

Reports suggest that a group of hackers gained access to the names, addresses, phone numbers and partial payment details of 560 million Ticketmaster customers worldwide.

The FBI offered its assistance to the Australian authorities.

ShinyHunters has been linked to a series of high-profile data breaches resulting in millions of dollars in losses for the companies involved.

In 2021, the group sold a veritable database of stolen information to 70 million customers of the American telecommunications company AT&T.

In September last year, almost 200,000 Pizza Hut customers in Australia had their data breached.

This latest alleged hack coincides with the relaunch of BreachForums, a site on the dark web where other hackers buy and sell stolen hardware and hacking information.

The FBI cracked down on the domain in March 2023, arresting its administrator Conor Brian Fitzpatrick, but it has re-emerged, according to tech media.

Forum users often inflate the scale of their hack to attract the attention of other hackers.

This is often where large stolen databases first appear, but they can also contain false claims and assertions.

“If Ticketmaster has suffered a breach of this magnitude, it is important that it notifies its customers, but it is also important to consider that sometimes hackers make false or exaggerated claims regarding data breaches – people should not so do not be overly concerned until a violation is confirmed.” » says security researcher Kevin Beaumont.

Individuals who reported large batches of data in the past turned out to be duplicates of previous hacks rather than newly stolen information.

But if verified, the hack could constitute the largest breach ever recorded in terms of the number and scope of data stolen.