Ticketmaster has suffered a significant security breach, reportedly orchestrated by the hacker group ShinyHunters, compromising the personal data of over half a billion users. This cyberattack, which includes sensitive information such as names, addresses, phone numbers, email addresses, and partial payment data, emerges amidst other challenges for Ticketmaster, including an antitrust lawsuit filed by the U.S. Justice Department.
According to reports by Hackread and Cyber Daily, ShinyHunters claims responsibility for this breach, affecting approximately 560 million customers. The hackers have allegedly obtained a comprehensive set of user data from Ticketmaster, involving not just contact details but also ticket purchase histories and event information. The group is purportedly selling this data, amounting to 1.3 terabytes, for $500,000 on a hacking forum.
This breach’s timing is particularly troubling for Ticketmaster, coming just as the U.S. Justice Department seeks to dismantle what it perceives as a monopoly held by Ticketmaster’s parent company, Live Nation Entertainment, over the live music sector. This lawsuit posits potential benefits for consumers if the company’s dominant market position is broken up.
The specifics of how ShinyHunters executed the breach remain unclear, as Ticketmaster has not yet responded to inquiries or confirmed the details of the hackers’ claims. However, Australia’s Home Affairs Department has confirmed a “cyber incident impacting Ticketmaster customers,” suggesting that Australian media were likely the first to report on this development.
Ticketmaster’s security struggles are not new; the company has faced issues with bots and unauthorized data access in the past. In 2020, Ticketmaster settled a lawsuit by paying $10 million to SongKick after it was found that Ticketmaster employees had illicitly accessed its rival’s systems.
Regarding ShinyHunters, Mashable encountered the hacker group previously in 2020 when the company fell victim to their attacks. ShinyHunters managed to access a database linked to a now-disabled Mashable feature that permitted users to log in using their social media accounts such as Facebook. The stolen data comprised email addresses but did not include more sensitive information like passwords or financial data.
Related News:
Featured Image courtesy of Dado Ruvic/REUTERS