Massive Breach At Ticketmaster

Uploaded on 2024-05-30 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW

Ticketmaster, the online ticket sales platform, has apparently been hit by a cyber attack. The notorious hacker group ShinyHunters has claimed to have breached the security of Ticketmaster, compromising the personal data of around 560 million users.  

A massive 1.3 terabytes of data, is now being offered for sale on the Dark Web at Breach Forums for a one-time sale for $500,000. 

ShinyHunters has allegedly accessed a critical user information, including full names, addresses, email addresses, phone numbers, ticket sales and event details, order information, and partial payment card data.  

Specifically, the compromised payment data includes customer names, the last four digits of card numbers, expiration dates, and even customer fraud details. The data breach could have severe implications for the affected users, leading to identity theft, financial fraud, and further cyber attacks. 

In comment Oded Vanunu, the Chief Technologist at Check Point, said "“According to reports, hacking group "ShinyHunters" claims to have leaked a huge volume of data from Ticketmaster’s website. The proof provided by the seller on the infamous BreachForum website appears legitimate, although it is yet to be validated...  Extorted details include name, address, email, phone number plus order history and partial credit card numbers...

"With this, cybercriminals can commit identity theft and financial fraud, launch phishing attacks or take over online accounts. They may also use the data for blackmail, extortion, medical identity theft or credential stuffing. These actions could lead to significant financial losses for customers, damage to credit scores, and an erosion of trust."

"Despite the best efforts by international law enforcement to seize control of BreachForum, the platform continues to re-emerge and aid those looking to buy and sell illicit information. Its bounce back serves as a reminder of how resilient cybercriminals are, and why we as an industry need to keep pace with them in order to stop the extraction and trading of sensitive data." Vanunu said.

ShinyHunters is no stranger to the hacking and cybercrime world. The group is known for its high-profile data breaches and is also the owner of Breach Forums, a notorious platform for cybercrime activities.  Despite the FBI’s recent efforts to close the forum, ShinyHunters managed to reclaim the seized domain, showcasing their technical prowess and resilience against law enforcement actions.  

The Senior Risk Intelligence Manager at fraud protection platform SignifydXavier Sheikrojan thinks that a breach at Ticketmaster could have a more significant impact on businesses than initially anticipated.

"The repercussions could last for months or even years, especially with the rise of sleeper accounts -these are accounts created using stolen details that initially make small, credible orders to avoid detection, only to escalate to larger abuses later... Businesses should stay vigilant and implement robust protective measures, such as monitoring for anomalies in behaviour from their existing customers. This not only protects the business but also safeguards loyal customers. A force reset of passwords can be a great strategy to provide extra protection for your customers...

'If you have manual review teams, ensure they are educated and aware of the latest data breach trends. Additionally, proactively find ways to optimise your machine learning detection. Balancing advanced technology with human oversight will be essential in addressing the fallout from this breach." Sheikrojan said. 

This is not the first time Ticketmaster has been hit with security issues. In 2020 it admitted it hacked into one of its competitors and agreed to pay a $10m fine. Last November, it was allegedly hit by an attack which led to problems selling tickets for pop music star Taylor Swift's concert tour. 

Hackread   |   BBC   |   Mirror   |    Independent   |    LocalGuardian   |   EM360   |   Computing   |   Ars Technica

Image: Ideogram

You Might Also Read: 

Major Sporting Events Are Open Targets:

___________________________________________________________________________________________

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Five AI-driven Features to Enhance Payment Gateway Security
Safeguarding Data In The Quantum Computing Era »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Virtustream

Virtustream

The Virtustream Enterprise Class Cloud provides a secure, highly available, Infrastructure as a Service (IaaS) to enterprises and government customers.

Ikarus Security Software

Ikarus Security Software

Ikarus focuses on antivirus and content-security solutions.

Signifyd

Signifyd

Signifyd is the world's largest provider of Guaranteed e-Commerce Fraud Protection.

Thinkst Applied Research

Thinkst Applied Research

Thinkst is an Applied Research company with a deep focus on information security.

CyberWarrior

CyberWarrior

CyberWarrior deliver training and consulting for some of the world’s top brands and also partner with national systems integrators to augment their teams with our expertise.

Greylock Partners

Greylock Partners

Greylock Partners is a leading venture capital firm based in Silicon Valley. We invest in all sectors of enterprise software technology including applications, cloud/SaaS, networking and security.

Echosec Systems

Echosec Systems

Echosec Systems is a data discovery company delivering social media and dark web threat intelligence. Our web based security software delivers critical information for situational awareness.

Tugboat Logic

Tugboat Logic

Tugboat Logic was created to address the skills and expertise gap in the security and compliance industry. Our goal is to simplify and automate information security management for every enterprise.

BullWall

BullWall

BullWall is a digital innovator dedicated to fight cybercrime in its many forms. Our overarching purpose is to stop new and unknown strings of ransomware attacks in its tracks.

Blumira

Blumira

Blumira provides comprehensive, hybrid cloud security monitoring and reporting for organizations of all sizes, enabling them to detect and respond to cloud security threats quickly and effectively.

Sikich

Sikich

Sikich LLP is a leading professional services firm specializing in accounting, advisory, technology and managed services.

European Union Agency for Network and Information Security (ENISA)

European Union Agency for Network and Information Security (ENISA)

The European Union Agency for Cybersecurity, ENISA, is the Union’s agency dedicated to achieving a high common level of cybersecurity across Europe.

Covenant Technologies

Covenant Technologies

Make Covenant Technologies the only choice for your IT and cybersecurity recruitment needs. We deliver quality candidates at the forefront of the cybersecurity and IT industry.

Vigilant Ops

Vigilant Ops

Vigilant Ops is a leader in Software Bill of Materials (SBOM) Automation. A proactive approach to cybersecurity with continuous vulnerability monitoring.

Ofcom

Ofcom

Ofcom is the UK's communications regulator. We regulate the TV, radio and video on demand sectors, fixed line telecoms, mobiles, postal services, plus the airwaves over which wireless devices operate.

Knostic

Knostic

Knostic is an early stage startup developing a risk management and governance platform designed for enterprise large language models (LLM).