Massive Breach At Ticketmaster

Uploaded on 2024-05-30 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW

Ticketmaster, the online ticket sales platform, has apparently been hit by a cyber attack. The notorious hacker group ShinyHunters has claimed to have breached the security of Ticketmaster, compromising the personal data of around 560 million users.  

A massive 1.3 terabytes of data, is now being offered for sale on the Dark Web at Breach Forums for a one-time sale for $500,000. 

ShinyHunters has allegedly accessed a critical user information, including full names, addresses, email addresses, phone numbers, ticket sales and event details, order information, and partial payment card data.  

Specifically, the compromised payment data includes customer names, the last four digits of card numbers, expiration dates, and even customer fraud details. The data breach could have severe implications for the affected users, leading to identity theft, financial fraud, and further cyber attacks. 

In comment Oded Vanunu, the Chief Technologist at Check Point, said "“According to reports, hacking group "ShinyHunters" claims to have leaked a huge volume of data from Ticketmaster’s website. The proof provided by the seller on the infamous BreachForum website appears legitimate, although it is yet to be validated...  Extorted details include name, address, email, phone number plus order history and partial credit card numbers...

"With this, cybercriminals can commit identity theft and financial fraud, launch phishing attacks or take over online accounts. They may also use the data for blackmail, extortion, medical identity theft or credential stuffing. These actions could lead to significant financial losses for customers, damage to credit scores, and an erosion of trust."

"Despite the best efforts by international law enforcement to seize control of BreachForum, the platform continues to re-emerge and aid those looking to buy and sell illicit information. Its bounce back serves as a reminder of how resilient cybercriminals are, and why we as an industry need to keep pace with them in order to stop the extraction and trading of sensitive data." Vanunu said.

ShinyHunters is no stranger to the hacking and cybercrime world. The group is known for its high-profile data breaches and is also the owner of Breach Forums, a notorious platform for cybercrime activities.  Despite the FBI’s recent efforts to close the forum, ShinyHunters managed to reclaim the seized domain, showcasing their technical prowess and resilience against law enforcement actions.  

The Senior Risk Intelligence Manager at fraud protection platform SignifydXavier Sheikrojan thinks that a breach at Ticketmaster could have a more significant impact on businesses than initially anticipated.

"The repercussions could last for months or even years, especially with the rise of sleeper accounts -these are accounts created using stolen details that initially make small, credible orders to avoid detection, only to escalate to larger abuses later... Businesses should stay vigilant and implement robust protective measures, such as monitoring for anomalies in behaviour from their existing customers. This not only protects the business but also safeguards loyal customers. A force reset of passwords can be a great strategy to provide extra protection for your customers...

'If you have manual review teams, ensure they are educated and aware of the latest data breach trends. Additionally, proactively find ways to optimise your machine learning detection. Balancing advanced technology with human oversight will be essential in addressing the fallout from this breach." Sheikrojan said. 

This is not the first time Ticketmaster has been hit with security issues. In 2020 it admitted it hacked into one of its competitors and agreed to pay a $10m fine. Last November, it was allegedly hit by an attack which led to problems selling tickets for pop music star Taylor Swift's concert tour. 

Hackread   |   BBC   |   Mirror   |    Independent   |    LocalGuardian   |   EM360   |   Computing   |   Ars Technica

Image: Ideogram

You Might Also Read: 

Major Sporting Events Are Open Targets:

___________________________________________________________________________________________

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Five AI-driven Features to Enhance Payment Gateway Security
Safeguarding Data In The Quantum Computing Era »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Becrypt

Becrypt

Becrypt is a trusted provider of endpoint cybersecurity software solutions. We help the most security conscious organisations to protect their customer, employee and intellectual property data.

Zayo

Zayo

Zayo is a leading global bandwidth infrastructure services provider for high-performance connectivity, secure colocation and flexible cloud services.

Mako Networks

Mako Networks

The Mako System is an award winning networking and security service designed specifically for SMEs and branch offices of larger organisations.

Skurio

Skurio

Skurio create cost-effective, intuitive and powerful Cloud based solutions to identify threats, detect data breaches outside the network and automate the response.

Solana Networks

Solana Networks

Solana Networks is a specialist in IT networking and security.

Cyber Risk Opportunities

Cyber Risk Opportunities

Cyber Risk Opportunities was formed to enable middle-market executives to become more proficient cyber risk managers so their organizations can thrive.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

CloudAlly

CloudAlly

CloudAlly provides online cloud to cloud backup and recovery solutions, which backs up daily changes in your SaaS to unlimited Amazon S3 storage and makes it available for restore or export.

BwCIRT

BwCIRT

BwCIRT is the Computer Incident Response Team (CIRT) for Botswana and provides an official point of contact for dealing with computer security incidents.

SAST

SAST

SAST provide Static Application Security Testing as a service based on SAST Tools.

BT Security

BT Security

BT provides telecommunications and network infrastructure services to keep businesses around the world connected and secure.

Cognisys Group

Cognisys Group

Cognisys provides cyber security penetration testing and compliance services from its offices in Leeds and Manchester.

Hook Security

Hook Security

Setting a new standard in security awareness. Hook Security is a people-first company that uses psychological security training to help companies create security-aware culture.

Corsearch

Corsearch

Combining AI-powered technology and decades of industry expertise, Corsearch is revolutionizing how companies establish and protect their brands.

ArmorPoint

ArmorPoint

ArmorPoint redefines the traditional approach to cybersecurity by combining network operations, security operations, and SIEM technology in one platform.

Ark Technology Consultants

Ark Technology Consultants

Ark Technology Consultants is a unique IT Services Firm which blends technology solutions with consultative insight around governance and process management.