Earlier this week, hackers on a dark web site claimed to have stolen data from hundreds of millions of Ticketmaster user accounts — but a source with knowledge of the investigation into the attack says there is no evidence that Ticketmaster fan accounts were compromised or personal user data was stolen.
Officials at Ticketmaster's parent company, Live Nation, acknowledged a breach on Friday (May 31) in a Securities and Exchange Commission (SEC) filing, noting that it had detected “unauthorized activity in a third-party cloud database environment containing company data (primarily by a subsidiary of Ticketmaster LLC) and launched an investigation with leading forensic experts to understand what happened.”
The statement noted that the company was “cooperating with law enforcement” and that “as of the date of this filing, the incident has not had, and we do not believe is reasonably likely to have, a material impact on our overall business operations or our financial condition or results of operations.”
According to the source, federal authorities are currently working to understand how a “dark web” website seized by the federal government was retaken on Monday (May 27) by hackers from the ShinyHunters group and used to ransom 1.3 terabytes of private of data allegedly stolen from Ticketmaster for $500,000. Investigators aren't sure what, if any, Ticketmaster files are kept in the 1.3 terabyte file, the source added.
The hack, says the source Advertising sign, did not involve a breach of the core Ticketmaster system. Instead, company officials are looking at the Snowflake cloud hosting service as a possible site of the hack. A hacker claiming to be involved in the attack told the website Bleeping calculator that they had hacked Santander Bank and Ticketmaster after hacking into an employee's account at Snowflake, which provides cloud hosting services for large companies. According to this report, Snowflake disputes the claim. Advertising sign independently confirmed that Ticketmaster uses Snowflake's cloud hosting service.
When reached for comment, he directed Live Nation Advertising sign back to the SEC filing. Snowflake did not respond to a press request for comment.
Australian ticketing company Ticketek also reported on Friday that it had been hacked, alerting customers that the names of some of its users, as well as their dates of birth and email addresses, may have been accessed in a data breach. In a statement on its website, Ticketet said user information was stored on a cloud-based platform hosted by a “reputable, global third-party vendor”.
“Ticketek has secure encryption methods in place for all passwords, and no Ticketek customer accounts have been compromised,” company officials said in a statement. “Furthermore, Ticketek uses secure encryption methods for online payments and uses a separate system to process online payments, which has not been affected. Ticketek does not hold any identity documents for its customers.”
