Massive Breach At Ticketmaster
Ticketmaster, the online ticket sales platform, has apparently been hit by a cyber attack. The notorious hacker group ShinyHunters has claimed to have breached the security of Ticketmaster, compromising the personal data of around 560 million users.
A massive 1.3 terabytes of data, is now being offered for sale on the Dark Web at Breach Forums for a one-time sale for $500,000.
ShinyHunters has allegedly accessed a critical user information, including full names, addresses, email addresses, phone numbers, ticket sales and event details, order information, and partial payment card data.
Specifically, the compromised payment data includes customer names, the last four digits of card numbers, expiration dates, and even customer fraud details. The data breach could have severe implications for the affected users, leading to identity theft, financial fraud, and further cyber attacks.
In comment Oded Vanunu, the Chief Technologist at Check Point, said "“According to reports, hacking group "ShinyHunters" claims to have leaked a huge volume of data from Ticketmaster’s website. The proof provided by the seller on the infamous BreachForum website appears legitimate, although it is yet to be validated... Extorted details include name, address, email, phone number plus order history and partial credit card numbers...
"With this, cybercriminals can commit identity theft and financial fraud, launch phishing attacks or take over online accounts. They may also use the data for blackmail, extortion, medical identity theft or credential stuffing. These actions could lead to significant financial losses for customers, damage to credit scores, and an erosion of trust."
"Despite the best efforts by international law enforcement to seize control of BreachForum, the platform continues to re-emerge and aid those looking to buy and sell illicit information. Its bounce back serves as a reminder of how resilient cybercriminals are, and why we as an industry need to keep pace with them in order to stop the extraction and trading of sensitive data." Vanunu said.
ShinyHunters is no stranger to the hacking and cybercrime world. The group is known for its high-profile data breaches and is also the owner of Breach Forums, a notorious platform for cybercrime activities. Despite the FBI’s recent efforts to close the forum, ShinyHunters managed to reclaim the seized domain, showcasing their technical prowess and resilience against law enforcement actions.
The Senior Risk Intelligence Manager at fraud protection platform Signifyd, Xavier Sheikrojan thinks that a breach at Ticketmaster could have a more significant impact on businesses than initially anticipated.
"The repercussions could last for months or even years, especially with the rise of sleeper accounts -these are accounts created using stolen details that initially make small, credible orders to avoid detection, only to escalate to larger abuses later... Businesses should stay vigilant and implement robust protective measures, such as monitoring for anomalies in behaviour from their existing customers. This not only protects the business but also safeguards loyal customers. A force reset of passwords can be a great strategy to provide extra protection for your customers...
'If you have manual review teams, ensure they are educated and aware of the latest data breach trends. Additionally, proactively find ways to optimise your machine learning detection. Balancing advanced technology with human oversight will be essential in addressing the fallout from this breach." Sheikrojan said.
This is not the first time Ticketmaster has been hit with security issues. In 2020 it admitted it hacked into one of its competitors and agreed to pay a $10m fine. Last November, it was allegedly hit by an attack which led to problems selling tickets for pop music star Taylor Swift's concert tour.
Hackread | BBC | Mirror | Independent | LocalGuardian | EM360 | Computing | Ars Technica
Image: Ideogram
You Might Also Read:
Major Sporting Events Are Open Targets:
___________________________________________________________________________________________
If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.
- Individual £5 per month or £50 per year. Sign Up
- Multi-User, Corporate & Library Accounts Available on Request
- Inquiries: Contact Cyber Security Intelligence
Cyber Security Intelligence: Captured Organised & Accessible