Ticketmaster confirms hack which could affect 560m customers

Live Nation, the owner of Ticketmaster, confirmed “unauthorized activity” on its database following claims by the hacking group ShinyHunters that they had stolen personal details of 560 million customers. The stolen data reportedly includes names, addresses, phone numbers, and partial credit card details of Ticketmaster users worldwide. ShinyHunters is demanding a $500,000 (£400,000) ransom to prevent the data from being sold to other parties.

In a filing to the US Securities and Exchange Commission, Live Nation disclosed that on May 27, “a criminal threat actor offered what it alleged to be Company user data for sale via the dark web,” and stated that an investigation was ongoing. Live Nation has not confirmed the number of customers affected.

The breach was initially revealed by hackers who posted an advertisement for the data on Wednesday evening. Ticketmaster declined to confirm the breach to reporters or customers and instead notified shareholders late on Friday. The Australian government and the FBI have offered assistance, with the latter stating it had “no comment on this matter.”

Live Nation’s filing mentioned efforts to “mitigate risk” to its customers and that users were being notified about the unauthorized access. The company stated that the incident is not expected to have a material impact on its overall business operations or financial condition.

Ticketmaster, one of the largest online ticket sales platforms globally, faces one of the most significant data breaches in history in terms of affected users. However, the sensitivity of the stolen data remains unclear. Researchers warn this breach is part of a larger hacking campaign targeting a cloud service provider called Snowflake, which many large firms use for data storage. Snowflake has alerted its customers to increased cyber threat activity.

Additionally, Santander confirmed that data from an estimated 30 million customers had been stolen by the same hacking group, though UK customer data was not affected. It is believed these hacks are connected, with more potentially becoming public.

Samples of the allegedly stolen data have been posted on BreachForums, a dark web forum where hackers trade stolen material and hacking information. ShinyHunters, linked to previous high-profile breaches, sold a database of 70 million customers’ information from US telecoms firm AT&T in 2021 and breached almost 200,000 Pizza Hut customers in Australia last year.

Despite a crackdown by the FBI in March 2023, leading to the arrest of BreachForums’ administrator Conor Brian Fitzpatrick, the forum has resurfaced. Users on such forums often exaggerate their hacking activities, and large data breach claims can sometimes be duplicates of previous hacks.

If ShinyHunters’ claims are accurate, this breach could be one of the most significant ever in terms of numbers and data extent. Ticketmaster has faced previous security issues, including a $10 million fine in 2020 for hacking a competitor and a cyber-attack last November disrupting ticket sales for Taylor Swift’s Eras tour.

Furthermore, US regulators sued Live Nation earlier this month, accusing the company of using illegal tactics to maintain a monopoly over the live music industry, resulting in higher ticket prices and worse service for customers.