Ticketmaster Data Breach: Over 500 Million Customer Data Allegedly Stolen by Hackers

Estimated Reading Time: 2 Minutes

Ticketmaster is in the news again. Just last week, on the morning of May 23, the Department of Justice (DOJ) filed an antitrust lawsuit against the company to break up the alleged monopoly its parent company, Live Nation Entertainment, holds over the live music and entertainment industry. Hopefully this will have a positive impact on concert goers.

What isn’t so positive is the latest news: a notorious hacker group, ShinyHunters, is claiming to have stolen 560 million Ticketmaster customers’ data. They’re asking for half a million for this 1.3 terabyte-sized set of data and say that it includes:

• Full names
  
  
• Addresses
  
  
• Phone numbers
  
  
• Email addresses
  
  
• Order history information, including ticket purchase details and Ticketmaster event information
  
  
• Partial payment data, including names, the last four digits of their credit card numbers and card expiration dates.

The posting was made on a popular hacking forum called BreachForums, which was actually seized by law enforcement just a couple of weeks ago.

How Do You or Your Customers Know If They Were Affected?

At this point in time, Ticketmaster has yet to comment on the alleged incident, but Australia's Home Affairs Department has confirmed a "cyber incident impacting Ticketmaster customers."

While the dataset is listed on the dark web, the leak does not mean that identity fraud has occurred. Consumers shouldn’t panic but should take the necessary precautions to help protect themselves from the negative impacts of a data breach.

• If you have an identity protection plan, now is the time to make sure that key Identity Monitoring items are being monitored:
  • Email address(es)
  • Mailing address(es)
  • Phone number(s)
  • Passwords
  • Social Security number
  • And other information that someone might use to attempt to steal your identity
    
    
• If you have a Ticketmaster or Live Nation account, change your password immediately and be absolutely sure that that password is not used elsewhere. Also, to ensure a strong password, we advise to let a password manager choose one for you.
  
  
• Consider setting up free fraud alerts with the three major credit bureaus – TransUnion, Experian, and Equifax. You can also request and review your free credit report via FreeCreditReport.com.
  
  
• Enable two-factor authentication where possible. This provides an extra layer of protection and is information that can’t be phished.
  
  
• Watch out for phishing attacks. Phishing emails often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.
  
  
• Lastly, monitor your financial accounts carefully, as fragmented financial data was included in this breach. Keep an eye out for any suspicious activity and report any unauthorized transactions or changes to the respective service providers.

ShinyHunters’ History

ShinyHunters first became known back in 2020-2021 when they exposed troves of customer data from more than 60 different companies, including AT&T Wireless and Microsoft.

Purported post by ShinyHunters to sell the Live Nation Ticketmaster dataset