Massive Breach At Ticketmaster

Uploaded on 2024-05-30 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW

Ticketmaster, the online ticket sales platform, has apparently been hit by a cyber attack. The notorious hacker group ShinyHunters has claimed to have breached the security of Ticketmaster, compromising the personal data of around 560 million users.  

A massive 1.3 terabytes of data, is now being offered for sale on the Dark Web at Breach Forums for a one-time sale for $500,000. 

ShinyHunters has allegedly accessed a critical user information, including full names, addresses, email addresses, phone numbers, ticket sales and event details, order information, and partial payment card data.  

Specifically, the compromised payment data includes customer names, the last four digits of card numbers, expiration dates, and even customer fraud details. The data breach could have severe implications for the affected users, leading to identity theft, financial fraud, and further cyber attacks. 

In comment Oded Vanunu, the Chief Technologist at Check Point, said "“According to reports, hacking group "ShinyHunters" claims to have leaked a huge volume of data from Ticketmaster’s website. The proof provided by the seller on the infamous BreachForum website appears legitimate, although it is yet to be validated...  Extorted details include name, address, email, phone number plus order history and partial credit card numbers...

"With this, cybercriminals can commit identity theft and financial fraud, launch phishing attacks or take over online accounts. They may also use the data for blackmail, extortion, medical identity theft or credential stuffing. These actions could lead to significant financial losses for customers, damage to credit scores, and an erosion of trust."

"Despite the best efforts by international law enforcement to seize control of BreachForum, the platform continues to re-emerge and aid those looking to buy and sell illicit information. Its bounce back serves as a reminder of how resilient cybercriminals are, and why we as an industry need to keep pace with them in order to stop the extraction and trading of sensitive data." Vanunu said.

ShinyHunters is no stranger to the hacking and cybercrime world. The group is known for its high-profile data breaches and is also the owner of Breach Forums, a notorious platform for cybercrime activities.  Despite the FBI’s recent efforts to close the forum, ShinyHunters managed to reclaim the seized domain, showcasing their technical prowess and resilience against law enforcement actions.  

The Senior Risk Intelligence Manager at fraud protection platform SignifydXavier Sheikrojan thinks that a breach at Ticketmaster could have a more significant impact on businesses than initially anticipated.

"The repercussions could last for months or even years, especially with the rise of sleeper accounts -these are accounts created using stolen details that initially make small, credible orders to avoid detection, only to escalate to larger abuses later... Businesses should stay vigilant and implement robust protective measures, such as monitoring for anomalies in behaviour from their existing customers. This not only protects the business but also safeguards loyal customers. A force reset of passwords can be a great strategy to provide extra protection for your customers...

'If you have manual review teams, ensure they are educated and aware of the latest data breach trends. Additionally, proactively find ways to optimise your machine learning detection. Balancing advanced technology with human oversight will be essential in addressing the fallout from this breach." Sheikrojan said. 

This is not the first time Ticketmaster has been hit with security issues. In 2020 it admitted it hacked into one of its competitors and agreed to pay a $10m fine. Last November, it was allegedly hit by an attack which led to problems selling tickets for pop music star Taylor Swift's concert tour. 

Hackread   |   BBC   |   Mirror   |    Independent   |    LocalGuardian   |   EM360   |   Computing   |   Ars Technica

Image: Ideogram

You Might Also Read: 

Major Sporting Events Are Open Targets:

___________________________________________________________________________________________

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Five AI-driven Features to Enhance Payment Gateway Security
Safeguarding Data In The Quantum Computing Era »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

CCL Solutions Group

CCL Solutions Group

CCL is one of Europe’s leading digital investigation specialists, supporting law enforcement, government and organisations across both public and private sectors.

Resource Centre for Cyber Forensics (RCCF)

Resource Centre for Cyber Forensics (RCCF)

RCCF is a pioneering institute, pursuing research activities in the area of Cyber Forensics.

CryptoCodex

CryptoCodex

Cryptocodex has developed Counter-Fight, the most advanced, yet simple to implement, counterfeit detection system.

H3C Group

H3C Group

H3C provides a full range of Computer, Storage, Networking and Security solutions.

Hunters.AI

Hunters.AI

Hunters is the world's first autonomous hunting solution that leverages top-tier cyber expertise and AI to uncover hidden cyber threats.

Inavate Consulting

Inavate Consulting

Inavate Consulting are experts in defining and implementing information assurance solutions and governance frameworks. Our ISO27001 consultants are the most experienced in the industry.

Satori Cyber

Satori Cyber

The Satori Cyber Secure Data Access Cloud is the first solution on the market to offer continuous visibility and granular control for data flows across all cloud and hybrid data stores.

Risk Ledger

Risk Ledger

Risk Ledger is improving the security of the global supply chain ecosystem, reducing the number of data breaches experienced through supply chain attacks by companies and consumers alike.

Armenia Startup Academy

Armenia Startup Academy

Armenia Startup Academy is a pre-acceleration program for selected Armenian tech companies and startups in areas including cybersecurity.

Carson McDowell

Carson McDowell

Carson McDowell are one of Northern Ireland's leading law firms. We are the law firm of choice for many of Northern Ireland's Top 100 companies as well as international companies doing business here.

SilverSky

SilverSky

SilverSky offers a comprehensive suite of products and services that deliver unprecedented simplicity and expertise for compliance and cybersecurity programs.

MetaCert

MetaCert

MetaCert’s Zero Trust browser software reduces the risk of organizations being compromised with a phishing-led cyberattack by more than 98%.

BlueSteel Cybersecurity

BlueSteel Cybersecurity

BlueSteel is a compliance consulting firm that leverages deep system, data and application expertise to build sustainable cybersecurity solutions.

Redington

Redington

Redington offer products and services in solution areas including digital transformation, hybrid infrastructure and cybersecurity.

Heyhack

Heyhack

Heyhack is a SOC 2 Type II certified automated penetration testing platform for web apps and APIs.

C5 Technology

C5 Technology

C5 Technology specialises in the provision of networking, security, and infrastructure services to enterprises and government agencies.