Cybercriminal group claims to have stolen personal data belonging to more than 500 million Ticketmaster customers. Although the Live Nation Entertainment-owned event ticketing service has not confirmed the attack, security experts warn that it could expose users of the platform to various scams.
The hackers, called ShinyHunters, said on an online forum that they had gained access to Ticketmaster customer information and planned to sell that data. But Jared M. Smith, an engineer at SecurityScorecard, a company that monitors computer network breaches across the Internet, cautions that it remains to be seen whether the theft is real.
“It’s still unverified. We don’t know if the hackers who released it made it up or not, that’s something we’re waiting for,” he said. “This could be part of a publicity stunt.”
Here’s what you need to know about the type of data that may have been exposed, as well as how to protect yourself.
What is ShinyHunters?
The hacking group emerged in 2020 and gained attention the following year by exposing massive amounts of customer records from more than 60 companies.
According to the Justice Department, ShinyHunters stored and sold stolen data on the “dark web,” including customer databases containing personal and financial information. Members of the group also used social media to solicit potential buyers of data, including sometimes telling the media about their exploits and posting images on a website appearing to show stolen material. The targets included a wide range of businesses and millions of consumers.
Sébastien Raoult, a French hacker and member of ShinyHunters, was sentenced in January to three years in prison and ordered to pay more than $5 million in restitution after pleading guilty to conspiracy to commit wire fraud and computer theft. aggravated identity.
ShinyHunters may not have hacked Ticketmaster, but could actually act as a middleman by selling customer data, experts noted. The group’s post said the data was available for purchase for $500,000 in a “one-time sale.”
How many people could have been affected?
ShinyHunters said it obtained personal data belonging to 560 million Ticketmaster customers. Although it is one of the largest cyberthefts of all time, one expert said some of the information the group claims to have stolen was likely already publicly available.
“The reality is there are a lot of missing records, and that looks really bad. But from a practical standpoint, how many people have had information stolen that isn’t already available? A lot of that information is public,” said Joseph, a cybersecurity expert. Steinberg told CBS MoneyWatch. “Based on the raw data itself, there is probably a lot less than it appears. We are sometimes impressed by the numbers, but what matters much more is the quality of the data and what what they mean.”
What type of information would have been disclosed?
ShinyHunters said it obtained Ticketmaster customers’ full address names, phone numbers, partial credit card details as well as order and transaction information.
CBS News reviewed 52 email addresses posted by ShinyHunters and found they were connected to individuals in several U.S. states, as well as Canada and New Zealand, CBS News’ Erielle Delzer reported. Many addresses were linked to TicketMaster accounts, while the names of current and former employees of the events platform were also included in the leak.
“It’s a lot of information that you don’t often see together,” Smith said. Often, hackers simply obtain usernames and passwords, and sometimes payment information. But you don’t often see addresses and past purchases, and all of that together would be a completely perfect setup for a group to create sites that look like Ticketmaster’s business partners to target consumers they know they have already purchased tickets to an event,” he told CBS MoneyWatch.
“This breach would prey on a very easy target audience to trick people into purchasing fake tickets,” Smith added.
What is Ticketmaster doing about this alleged attack?
Nothing yet. The company has not verified the alleged cyberattack. He did not immediately respond to a request for comment.
The Australian government announced Thursday it was investigating the hacking group’s allegations. The FBI has offered its assistance to Australian authorities, a spokesperson for the American embassy in Canberra told Agence France-Presse.
“The Australian Government is aware of a cyber incident affecting Ticketmaster,” an Australian Department of Home Affairs spokesperson said in a statement to CBS News. “The National Cyber Security Office is working with Ticketmaster to understand the incident.” The department also urged people with “specific inquiries related to this incident” to contact Ticketmaster.
What should Ticketmaster users do now?
First and most importantly, consumers should assume they are at risk of being hacked, Steinberg said, emphasizing the need for people to have the right mindset. For example, a consumer who believes they are being targeted by pirates will think twice before clicking on a link offering concert tickets for their favorite band from an unknown entity.
“You have to internalize the fact that you are a target. People who believe they are targeted behave differently than people who don’t believe that,” he said.
Regarding Ticketmaster, Smith urged consumers not to click on links to concert ticket sales they don’t recognize and to call the service’s help line to verify deals.
“Someone who didn’t think they were targeted would say, ‘Wow, that’s great, without thinking that they got the data from the Ticketmaster breach and manipulated it through social engineering,’” Steinberg said.
More generally, Steinberg recommended users use two-factor authentication to protect their accounts.
—Erielle Delzer of CBS News contributed to this report.