Ticketmaster’s Data Breach: Over 560 Million Customers Affected

Threat Actor: ShinyHunters
Victim: Ticketmaster
Price: $500,000
Exfiltrated Data Type: Names, emails, addresses, phone numbers, ticket sales, and order details

Additional Information:

  • ShinyHunters, the current administrator of BreachForums, claimed the hack of Ticketmaster and offered for sale 1.3 TB of data, including full details of 560 million customers, for $500,000.
  • The stolen data includes names, emails, addresses, phone numbers, ticket sales, and order details.
  • The data breach compromised the data of 560 million customers.
  • Unauthorized activity within a third-party cloud database environment containing Ticketmaster data was identified on May 20, 2024.
  • An investigation was launched with industry-leading forensic investigators to understand the incident.
  • A criminal threat actor offered the alleged Company user data for sale via the dark web on May 27, 2024.
  • Ticketmaster owner Live Nation confirmed the data breach and is working to mitigate risks and cooperate with law enforcement.
  • Regulatory authorities and impacted users have been notified.
  • The data breach is not expected to have a material impact on Live Nation’s overall business operations or financial condition.
  • The threat actor claimed to have breached both Santander and Ticketmaster using credentials obtained through information-stealing malware.
  • The threat actor exfiltrated data, including auth tokens for accessing customer accounts, from a cloud storage company called Snowflake.
  • The threat actor used a Snowflake employee’s ServiceNow account credentials to gain access to the data.
  • The threat actor also claimed to have used this method to steal data from other companies.

ShinyHunters, the current administrator of BreachForums, recently claimed the hack of Ticketmaster and offered for sale 1.3 TB of data, including full details of 560 million customers, for $500,000. Stolen data includes names, emails, addresses, phone numbers, ticket sales, and order details.

This week Ticketmaster owner Live Nation confirmed the data breach that compromised the data of 560 million customers.

On May 20, 2024, Live Nation Entertainment, Inc. (the “Company” or “we”) identified unauthorized activity within a third-party cloud database environment containing Company data (primarily from its Ticketmaster L.L.C. subsidiary) and launched an investigation with industry-leading forensic investigators to understand what happened. On May 27, 2024, a criminal threat actor offered what it alleged to be Company user data for sale via the dark web. We are working to mitigate risk to our users and the Company, and have notified and are cooperating with law enforcement. As appropriate, we are also notifying regulatory authorities and users with respect to unauthorized access to personal information.

As of the date of this filing, the incident has not had, and we do not believe it is reasonably likely to have, a material impact on our overall business operations or on our financial condition or results of operations. We continue to evaluate the risks and our remediation efforts are ongoing.

Threat actors had access to a third-party cloud database environment containing company data. The company discovered the intrusion on May 20, 2024, and immediately launched an investigation with industry-leading forensic investigators.

The stolen data were offered for sale on the dark web a week later.

“On May 20, 2024, Live Nation Entertainment, Inc. (the “Company” or “we”) identified unauthorized activity within a third-party cloud database environment containing Company data (primarily from its Ticketmaster L.L.C. subsidiary) and launched an investigation with industry-leading forensic investigators to understand what happened,” reads the Form 8-K filing to the US Securities and Exchange Commission.

“On May 27, 2024, a criminal threat actor offered what it alleged to be Company user data for sale via the dark web.”

Live Nation notified regulatory authorities and impacted users.

Bleeping Computer reported that ShinyHunters told Hudson Rock Co-Founder Alon Gal that he breached both Santander and Ticketmaster. The threat actor revealed that the data was stolen from cloud storage company Snowflake by using credentials obtained through information-stealing malware to access a Snowflake employee’s ServiceNow account. The threat actor used the credentials to exfiltrate data, including auth tokens for accessing customer accounts. The threat actor also claimed to have used this method to steal data from other companies.

Pierluigi Paganini

(SecurityAffairs – hacking, ShinyHunters)



Original Source: https://securityaffairs.com/163999/data-breach/ticketmaster-confirms-data-breach.html