Ticketmaster

​A threat actor known as ShinyHunters is selling what they claim is the personal and financial information of 560 million Ticketmaster customers on the recently revived BreachForums hacking forum for $500,000.

The allegedly stolen databases, which were first put up for sale on the Russian hacking forum Exploit, supposedly contain 1.3TB of data and the customers' full details (i.e., names, home and email addresses, and phone numbers), as well as ticket sales, order, and event information.

They also contain customer credit card information, including hashed credit card numbers, the last four digits of the card numbers, credit card and authentication types, and expiration dates, with financial transactions spanning from 2012 to 2024.

ShinyHunters told BleepingComputer that there are interested buyers in the data and said they feel one may be TicketMaster themselves. When asked when and how the data was stolen, the threat actor said they "can't say anything about this."

However, cybersecurity collective vx-underground claimed to have spoken to some threat actors who allegedly breached Ticketmaster. They said they could steal the data from the company's AWS instances "by pivoting from a Managed Service Provider."

Allegedly stolen Ticketmaster data for sale
Allegedly stolen Ticketmaster data for sale (BleepingComputer)

Ticketmaster has yet to reply to multiple requests from BleepingComputer to confirm the threat actor's claims and provide more information on this alleged breach.

The FBI declined to comment when BleepingComputer asked if they were working with Ticketmaster to investigate an incident related to ShinyHunters' claims.

While BleepingComputer cannot independently confirm if the data is legitimate, we have reviewed numerous samples shared by ShinyHunters, and the data appears to originate from TicketMaster.

Lawsuits and previous breaches

Last week, the U.S. Department of Justice and a bipartisan coalition of 30 attorneys general sued Live Nation Entertainment and its Ticketmaster subsidiary for its anticompetitive conduct and violating the Sherman Antitrust Act by monopolizing the live events industry.

As Bloomberg first reported, customers have already filed a proposed class action this week against Ticketmaster and its parent company, Live Nation for this alleged data breach. The action includes U.S. residents affected by this alleged breach.

The plaintiffs seek punitive damages, actual damages, and attorneys' fees, as well as an order requiring Ticketmaster to pay for credit-monitoring services and reveal what customer data was exposed in the incident.

Four years ago, Ticketmaster was fined $10 million for illegally accessing the systems of competitor CrowdSurge using the credentials of one of its former employees to collect business intelligence and use it to "choke off" the rival company's business.

In 2018, the company also disclosed a data breach that affected roughly 5% of its customer base after attackers stole Ticketmaster login information, payment details, and personal information (i.e., names, addresses, email addresses, and telephone numbers) belonging mostly to U.K. customers from the systems of third-party vendor Inbenta.

​Part of Live Nation Entertainment, Ticketmaster processes over 500 million tickets annually across 30 countries and controls nearly 80 percent of the U.S. ticketing industry.

Related Articles:

Ticketmaster sends notifications about recent massive data breach

Snowflake account hacks linked to Santander, Ticketmaster breaches

Ticketmaster confirms massive breach after stolen data for sale online

ShinyHunters claims Santander breach, selling data for 30M customers

FBI seize BreachForums hacking forum used to leak stolen data