An infamous hacking group claims that it stole the personal information of 560 million Ticketmaster customers — more than half a billion people — and is offering the pilfered data on the dark web for US$500,000.
The data includes customers’ names, addresses, phone numbers and partial credit card details, including the last four digits of credit and debit cards and card expiration dates, according to HackRead, which first reported on the data breach.
Ticketmaster and its parent company Live Nation have yet to confirm that the data breach took place and they have not made a public statement about the hacker’s claims. Ticketmaster did not respond to a Global News request for comment.
The group that says it carried out the hack is called ShinyHunters, which has been behind a number of high-profile data breaches targeting Microsoft, AT&T and Mashable. The group put up the alleged 1.3-terabyte trove of stolen data for sale on Breach Forums, a dark web site owned by ShinyHunters.
In an exclusive statement to HackRead, ShinyHunters shared that they attempted to contact Ticketmaster regarding the breach but did not receive a response.
The Australian government said Thursday that it is investigating the hackers’ claims and the FBI has offered its assistance.
“The Australian Government is aware of a cyber incident impacting Ticketmaster,” a spokesperson for the Australia Home Affairs Department told CBS News. “The National Office of Cyber Security is engaging with Ticketmaster to understand the incident.”
Privacy Commissioner of Canada Philippe Dufresne told Global News Thursday that he is “aware of media reports” about the Ticketmaster hack but his office “has not yet been notified of Canadian customer data being involved in the breach.”
Businesses, like Ticketmaster, that are subject to Canadian privacy laws must report breaches involving Canadian customers’ data when the breach poses a real risk of significant harm to the individual.
The privacy commissioner added that he has reached out to Ticketmaster to “obtain more information and determine next steps.”
News of the hack comes just one week after Ticketmaster, a California-based company, was sued by the U.S. Department of Justice for allegedly operating an illegal monopoly over live events in America, driving up prices for fans and blocking out smaller concert promoters.
“We allege that Live Nation relies on unlawful, anticompetitive conduct to exercise its monopolistic control over the live events industry in the United States at the cost of fans, artists, smaller promoters, and venue operators,” U.S. Attorney General Merrick Garland said in a statement.
“The result is that fans pay more in fees, artists have fewer opportunities to play concerts, smaller promoters get squeezed out, and venues have fewer real choices for ticketing services. It is time to break up Live Nation-Ticketmaster.”
This isn’t the first time a cybersecurity incident has negatively impacted Ticketmaster customers. The ticket seller sparked outrage in November 2022 when its site crashed during a presale event for a Taylor Swift stadium tour. The company said its site was overwhelmed by both fans and attacks from bots, which were posing as consumers to scoop up tickets and sell them on secondary sites.
The debacle prompted congressional hearings and bills in state legislatures aimed at better protecting consumers.
Hacks and cybersecurity attacks have become a common occurrence for businesses that operate on the web and experts see the trend increasing over time.
The number of people impacted by data breaches “will grow, it could be up to one billion in the future,” cybersecurity professor Katina Michael told AFP.
Michael warns that governments, companies and consumers alike are not doing enough to protect sensitive, private data. She recommends using two-factor authentication as a basic means of protection.
Ticketmaster customers concerned that their data may have been breached as part of the alleged hack should change their account passwords.
— With files from the Associated Press