Massive Breach At Ticketmaster

Ticketmaster, the online ticket sales platform, has apparently been hit by a cyber attack. The notorious hacker group ShinyHunters has claimed to have breached the security of Ticketmaster, compromising the personal data of around 560 million users.  

A massive 1.3 terabytes of data, is now being offered for sale on the Dark Web at Breach Forums for a one-time sale for $500,000. 

ShinyHunters has allegedly accessed a critical user information, including full names, addresses, email addresses, phone numbers, ticket sales and event details, order information, and partial payment card data.  

Specifically, the compromised payment data includes customer names, the last four digits of card numbers, expiration dates, and even customer fraud details. The data breach could have severe implications for the affected users, leading to identity theft, financial fraud, and further cyber attacks. 

In comment Oded Vanunu, the Chief Technologist at Check Point, said "“According to reports, hacking group "ShinyHunters" claims to have leaked a huge volume of data from Ticketmaster’s website. The proof provided by the seller on the infamous BreachForum website appears legitimate, although it is yet to be validated...  Extorted details include name, address, email, phone number plus order history and partial credit card numbers...

"With this, cybercriminals can commit identity theft and financial fraud, launch phishing attacks or take over online accounts. They may also use the data for blackmail, extortion, medical identity theft or credential stuffing. These actions could lead to significant financial losses for customers, damage to credit scores, and an erosion of trust."

"Despite the best efforts by international law enforcement to seize control of BreachForum, the platform continues to re-emerge and aid those looking to buy and sell illicit information. Its bounce back serves as a reminder of how resilient cybercriminals are, and why we as an industry need to keep pace with them in order to stop the extraction and trading of sensitive data." Vanunu said.

ShinyHunters is no stranger to the hacking and cybercrime world. The group is known for its high-profile data breaches and is also the owner of Breach Forums, a notorious platform for cybercrime activities.  Despite the FBI’s recent efforts to close the forum, ShinyHunters managed to reclaim the seized domain, showcasing their technical prowess and resilience against law enforcement actions.  

The Senior Risk Intelligence Manager at fraud protection platform SignifydXavier Sheikrojan thinks that a breach at Ticketmaster could have a more significant impact on businesses than initially anticipated.

"The repercussions could last for months or even years, especially with the rise of sleeper accounts -these are accounts created using stolen details that initially make small, credible orders to avoid detection, only to escalate to larger abuses later... Businesses should stay vigilant and implement robust protective measures, such as monitoring for anomalies in behaviour from their existing customers. This not only protects the business but also safeguards loyal customers. A force reset of passwords can be a great strategy to provide extra protection for your customers...

'If you have manual review teams, ensure they are educated and aware of the latest data breach trends. Additionally, proactively find ways to optimise your machine learning detection. Balancing advanced technology with human oversight will be essential in addressing the fallout from this breach." Sheikrojan said. 

This is not the first time Ticketmaster has been hit with security issues. In 2020 it admitted it hacked into one of its competitors and agreed to pay a $10m fine. Last November, it was allegedly hit by an attack which led to problems selling tickets for pop music star Taylor Swift's concert tour. 

Hackread   |   BBC   |   Mirror   |    Independent   |    LocalGuardian   |   EM360   |   Computing   |   Ars Technica

Image: Ideogram

You Might Also Read: 

Major Sporting Events Are Open Targets:

___________________________________________________________________________________________

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Five AI-driven Features to Enhance Payment Gateway Security
Safeguarding Data In The Quantum Computing Era »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

SmartSearch

SmartSearch

SmartSearch is a leading online provider of Anti-Money Laundering and Fraud Prevention Services.

AV Test

AV Test

The AV-TEST Institute is a leading international and independent service provider in the fields of anti-virus research and IT security.

Intrinsic-ID

Intrinsic-ID

Intrinsic-ID's authentication technology creates unique IDs and keys to authenticate chips, data, devices and systems.

Datiphy

Datiphy

Datiphy's data-centric security platform uses behavioral analytics, and data-centric auditing and protection capabilities to mitigate risk.

ActiveCyber

ActiveCyber

ActiveCyber is a source for news, reviews, learning, and technological innovation in the active cyber defense industry.

Iceberg

Iceberg

Iceberg has been established to provide companies with cyber security experts who will protect businesses from the unseen threat of cyber crime.

Inky Technology Corp

Inky Technology Corp

Inky® Phish Fence is an email protection gateway that uses sophisticated AI, machine learning and computer vision algorithms to block deep sea phishing attacks that get through every other system.

BitNinja

BitNinja

BitNinja provides full-stack server security in one easy-to-use protection suite. Enjoy real-time protection, automatic false positive handling and threat analysis for more in-depth insights.

Stairwell

Stairwell

Stairwell is building a new approach to cybersecurity around a vision that all security teams should be able to determine what’s good, what’s bad, and why.

Cybermerc

Cybermerc

Cybermerc's services, training programmes and cyber security solutions are designed to forge collaborations across industry, government and academia, for collective defence of our digital borders.

Buchbinder Information Technology Solutions

Buchbinder Information Technology Solutions

Buchbinder Tunick & Company is a premier CPA and advisory firm offering a broad range of assurance, tax, business consulting and IT consulting services.

Dasera

Dasera

Dasera’s Radar and Interceptor products deliver visibility, governance, and protection solutions for data-agile companies.

KryptoKloud

KryptoKloud

KryptoKloud offer a suite of Managed Services including Security Monitoring and Incident Response as well as a full portfolio of Compliance, Governance and Audit solutions.

Bittnet Training

Bittnet Training

Bittnet Training is the leader in the IT Training market in Romania. We develop the IT skills of IT professionals as well as those who wish to start a career in IT.

BetterWorld Technology

BetterWorld Technology

BetterWorld Technology provides cloud solutions, managed services, SaaS, cybersecurity and virtual CIO, all customized to meet your needs.

Radiant Security

Radiant Security

Radiant Security offers an AI-powered security co-pilot for Security Operations Centers (SOCs). Reinforce your SOC with an AI assistant.