A well-known hacking group claims to have breached Ticketmaster and is attempting to sell the personal data of 560 million Ticketmaster users, including their payment details, for $500,000, according to the website Hackread.
Alleged hacking group ShinyHunters has claimed credit for the break-in, resulting in the theft of 1.3 terabytes of stolen data that includes usernames, contact information, order info and partial payment details, like the last four digits of a customer’s credit card, expiration dates and even details designed to prevent fraud (i.e. mother’s maiden name).
Officials with Live Nation, which owns Ticketmaster, have not commented or confirmed that the breach took place, but Australian officials with the country’s Department of Home Affairs told the Australian Broadcasting Company that it was aware of a cyber incident that was part of a data leak expected to impact millions of Ticketmaster customers globally.
A spokesperson from the Department of Home Affairs told the ABC that the department is “working with Ticketmaster to understand the incident”.
“The data breach, if confirmed, could have severe implications for the affected users, leading to potential identity theft, financial fraud, and further cyber attacks,” the Hackread site explains. “The hacker group’s bold move to put this data on sale goes on to show the growing menace of cybercrime and the increasing sophistication of these cyber adversaries.”
The hack comes as Ticketmaster and Live Nation face attempts by the federal government to break the company up on antitrust grounds. Last week, the Department of Justice’s antitrust division sued Ticketmaster in New York’s Southern District, alleging that the company acted monopolistically. Company officials have vowed to fight the lawsuit.
ShinyHunters emerged on law enforcement’s radar in 2020 and has been linked to breaches affecting more than 60 companies. The group is known to use dark web forums to threaten to leak sensitive consumer information unless the affected companies pay an online ransom. Most breaches are carried out using sophisticated phishing pages that mimic their target’s login portals, tricking employees into entering account credentials and other sensitive data. Members of ShinyHunters then use the stolen credentials to log in to company systems and steal data and customer information.
In January, a U.S. District Court in Seattle sentenced alleged ShinyHunters member Sebastien Raoult to three years in prison and restitution of $5 million after Raoult pleaded guilty to conspiracy to commit wire fraud and aggravated identity theft. The 22-year-old French national was arrested in Morocco in 2022 and extradited to the United States in January 2023.
ShinyHunters is reportedly selling the Ticketmaster data on Breach Forums, an illegal marketplace that just two weeks ago had been seized by the FBI.
On May 13, FBI officials apprehended the site’s administrator and seized access to login credentials for the entire infrastructure of Breach Forums, including the backend, across its dark web and clear web sites.
“From June 2023 until May 2024, BreachForums was operating as a clearnet marketplace for cybercriminals to buy, sell, and trade contraband, including stolen access devices, means of identification, hacking tools, breached databases, and other illegal services,” FBI official said in a statement at the time.
But several days later, ShinyHunters allegedly contacted the domain registrar of Breach Forums and successfully regained access, according to Hack News, with the FBI seizure notice on the site replaced by a “Site Temporarily Unavailable” message. Earlier today, Breach Forums was updated again, this time with the alleged stolen Ticketmaster data posted on the site for sale.