Hackers leak alleged Taylor Swift tickets, ramp up extortion on Ticketmaster

Hackers have leaked what they claim is Ticketmaster barcode data for 166,000 Taylor Swift Eras tour tickets, warning that more events will be leaked if a $2 million extortion demand is not paid.

In May, a well-known malware actor named ShinyHunters began selling the data of 560 million Ticketmaster customers for $500,000.

Ticketmaster later confirmed the data breach, which it said originated from its account on Snowflake, a cloud-based data warehousing company the company uses to store databases, process data and perform analytics.

In April, malicious actors began downloading the Snowflake databases of at least 165 organizations using credentials stolen by information-stealing malware.

The hackers then blackmailed the companies, demanding payment to prevent the data from being leaked or sold to other hackers. Companies that had data stolen from their Snowflake accounts include Neiman Marcus, Los Angeles Unified School District, Advance Auto Parts, Pure Storage, and Satander.

Taylor Swift Tickets Leaked

Today, a malicious actor known as Sp1d3rHunters leaked what it claims to be ticket data for 166,000 Taylor Swift Eras Tour barcodes used to gain access to various concert dates.

Sp1d3rHunters, formerly known as Sp1d3r, is the malicious actor behind the sale of stolen data from Snowflake accounts, publicly extorting payments from various companies.

“Pay us $2 million USD or we will release your 680 million user details and 30 million additional event barcodes including: more Taylor Swift events, P!nk, Sting, F1 Formula Racing sporting events, MLB, NFL and thousands more events,” reads the extortion demand first shared by threat intelligence service HackManac.

The publication claims that the barcode data relates to Taylor Swift's upcoming concerts in Miami, New Orleans and Indianapolis.

The post contains a small sample of the alleged barcode data, which contains the value used to create a scannable barcode, seat information, ticket face value, and other information. The threat actor also shared details on how to transform this data into a scannable barcode.

While the barcode data was not part of the initial leak of stolen Ticketmaster data samples released by threat actors in May, some of the newly leaked data can be found in older leaks, including hashed credit card and ticket purchase order information.

The group behind these attacks is ShinyHunters, which has been responsible for numerous data breaches over the years. These include the leak of 386 million user records from 18 companies in 2020, a data breach at AT&T that affected 70 million customers, and most recently, the leak of 33 million phone numbers used with the multi-factor authentication app Authy.

BleepingComputer has reached out to Ticketmaster to confirm whether this is valid ticket data and whether the tickets will be reissued, but has not received a response at this time.