A well-known hacking group claims to have breached Ticketmaster and is trying to sell the personal data of 560 million Ticketmaster users, including their payment information, for $500,000, according to the website Hackread.
The alleged hacking group ShinyHunters has claimed credit for the breach, resulting in the theft of 1.3 terabytes of stolen data including usernames, contact information, order information and partial payment information such as the last four digits of a customer's credit card, dates expiry and even details designed to prevent fraud (ie mother's maiden name).
Officials at Live Nation, which owns Ticketmaster, have not commented on or confirmed the breach took place, but Australian Home Affairs officials told the Australian Broadcasting Company it was aware of a cyber incident that was part of a data breach expected to affect millions Ticketmaster customers worldwide.
A Home Office spokesman told the ABC the department was “working with Ticketmaster to understand the incident”.
“The data breach, if confirmed, could have serious implications for affected users, leading to potential identity theft, financial fraud and further cyberattacks,” explains the Hackread website. “The hacker group's bold move to make this data available for sale continues to demonstrate the growing threat of cybercrime and the increasing sophistication of these cyber adversaries.”
The raid comes as Ticketmaster and Live Nation face efforts by the federal government to break up the company on antitrust grounds. Last week, the Justice Department's antitrust division sued Ticketmaster in the Southern District of New York, alleging the company acted in a monopolistic manner. Company executives have vowed to fight the lawsuit.
ShinyHunters appeared on the radar of law enforcement in 2020 and has been linked to breaches affecting more than 60 companies. The group is known to use dark web forums to threaten to leak sensitive consumer information unless affected companies pay an online ransom. Most breaches are carried out using sophisticated phishing pages that mimic their target's login portals, tricking employees into entering account credentials and other sensitive data. ShinyHunters members then use the stolen credentials to log into the company's systems and steal customer data and information.
In January, a U.S. District Court in Seattle sentenced alleged ShinyHunters member Sebastien Raoult to three years in prison and $5 million in restitution after Raoult pleaded guilty to conspiracy to commit wire fraud and identity theft. The 22-year-old French national was arrested in Morocco in 2022 and extradited to the United States in January 2023.
ShinyHunters is reportedly selling Ticketmaster data on Breach Forums, an illegal marketplace that was seized by the FBI just two weeks ago.
On May 13, FBI officials arrested the site's administrator and seized access to login credentials for Hack Forums' entire infrastructure, including the backend, on its dark and clean sites.
“From June 2023 to May 2024, BreachForums operated as a pure marketplace for cybercriminals to buy, sell, and trade contraband, including stolen access devices, identification media, hacking tools, compromised databases, and other illegal services” , the FBI official said. in a statement at the time.
However, several days later, ShinyHunters reportedly contacted Breach Forums' domain registrar and successfully regained access, according to Hack News, with the FBI seizure notice on the site replaced by a “Site Temporarily Unavailable” message. Earlier today, the Breach Forums were updated again, this time with the allegedly stolen Ticketmaster data posted on the site for sale.