Data of 560 million Ticketmaster customers on sale after alleged breach

A malicious actor known as ShinyHunters is selling what it claims is the personal and financial information of 560 million Ticketmaster customers on the recently relaunched BreachForums hacking forum for $500,000.

The allegedly stolen databases, which were first put up for sale on Russian hacking forum Exploit, are said to contain 1.3TB of data and full customer details (i.e. their names, addresses personal and email and telephone numbers), as well as tickets. information about sales, orders and events.

They also contain customer credit card information, including hashed credit card numbers, last four digits of card numbers, credit card and authentication types, and expiration dates. financial transactions spanning from 2012 to 2024.

ShinyHunters told BleepingComputer that there were buyers interested in the data and said they thought one of them might be TicketMaster itself. When asked when and how the data was stolen, the threat actor responded that he “couldn't say anything about it.”

However, cybersecurity collective vx-underground claimed to have spoken to some malicious actors who allegedly breached Ticketmaster. They said they could steal data from the company's AWS instances “by switching from a managed service provider.”

Ticketmaster has not yet responded to multiple requests from BleepingComputer to confirm the threat actor's claims and provide more information about this alleged violation.

The FBI declined to comment when BleepingComputer asked whether it was working with Ticketmaster to investigate an incident related to ShinyHunters' claims.

Although BleepingComputer cannot independently confirm whether the data is legitimate, we have reviewed numerous samples shared by ShinyHunters and the data appears to come from TicketMaster.

Previous Prosecutions and Breaches

Last week, the U.S. Department of Justice and a bipartisan coalition of 30 attorneys general sued Live Nation Entertainment and its subsidiary Ticketmaster for their anticompetitive behavior and violation of the Sherman Antitrust Act by monopolizing the live events industry.

As Bloomberg first reported, customers have already filed a proposed class-action lawsuit this week against Ticketmaster and its parent company, Live Nation, over the alleged data breach. The action includes U.S. residents affected by this alleged violation.

The plaintiffs seek punitive damages, actual damages and attorneys' fees, as well as an order requiring Ticketmaster to pay for credit monitoring services and reveal what customer data was exposed during the incident.

Four years ago, Ticketmaster was fined $10 million for illegally accessing the systems of its competitor CrowdSurge by using the credentials of one of its former employees to gather economic information and use to “stifle” the activities of the rival company.

In 2018, the company also disclosed a data breach that affected approximately 5% of its customer base after attackers stole Ticketmaster login credentials, payment details, and personal information (i.e. names, addresses, email addresses and telephone numbers) belonging primarily to the United Kingdom. customers of systems from third-party provider Inbenta.

Part of Live Nation Entertainment, Ticketmaster processes more than 500 million tickets annually in 30 countries and controls nearly 80% of the U.S. ticketing industry.