Ticketmaster Data Breach Impacts 560 Million Customers

A Ticketmaster data breach reportedly is impacting the personal data of 560 million users.

According to HackRead, the ShinyHunters threat group claims to have exfiltrated full names, phone numbers, home addresses, email addresses, payment card information, ticket sales and event information, and order information. The compromised payment data includes customer names, the last four digits of card numbers, expiration dates and customer fraud details.

The information stolen in the Ticketmaster data breach is being sold on BreachForums for $500,000.

Ticketmaster didn’t respond to a request for comment on the breach.

The online ticket broker has faced cyber incidents in the past, including a bot attack against the ticketing system, disrupting Taylor Swift concert ticket sales.

Ticketmaster Data Breach an ‘Unpleasant Reminder’ No One is Immune

Toby Lewis, global head of threat analysis at Darktrace, said this alleged attack on Ticketmaster is an “unpleasant reminder” that no organization is immune from cyber threats.

Darktrace's Toby Lewis

“However, it's crucial to approach this incident with skepticism until more information is available, as the timing of the data being offered on the relaunched BreachForums site raises questions about its authenticity,” he said. “If confirmed, Ticketmaster must be transparent about the accessed data. Customers can protect themselves by changing passwords and monitoring their accounts, although this may be fruitless if the attackers still have access or if there is no breach in the first place.”

It's advisable to wait for confirmation and follow instructions from Ticketmaster's incident response teams, Lewis said. While there's no harm in proactively changing passwords, including on accounts with re-used passwords, customers should be prepared to do it again if necessary.

Narayana Pappu, CEO of Zendata, said Ticketmaster has a significant market share of the ticket sales market, and incidents like this can have significant long-term impact.

Zendata's Narayana Pappu

“In the past, breaches have led to companies losing market share to key competitors,” he said. “The Ashley Madison and Equifax breaches are a couple of examples.”

Customers Will See Impact Months From Now

John Bambenek, president of Bambenek Consulting, said the good news for Ticketmaster customers is that some of the more sensitive information hasn’t been stolen, including full card numbers, so likely this could be used for targeted phishing. This is why the price of the database is so small compared to the number of records. Consumers will see this months from now.

“Ticketmaster is a near monopoly in its space,” he said. “Since the risks customers will face will be in the future in the form of phishing, odds are the impact is minimal. Consumers have become numb to data breaches, which leads to industry complacency.”

Dan Schiappa, Arctic Wolf’s chief product and services officer, said bad actors increasingly are going after “whales” like Ticketmaster not only to turn a profit, but to showcase their reach and skill.

“ShinyHunters has a pattern of targeting large corporations in Australia, and taking credit for stealing 560 million customer records unfortunately elevates their brand, something advanced persistent threat (APT) groups do care about,” he said. “These types of attacks are not only catastrophic for the image of the targeted company, but trickle down to the consumer level as well, as names, addresses, phone numbers and partial credit card details were allegedly part of the stolen data.”

It’s important to understand that attacks like these can happen to any corporation, regardless of how big they are or how strong their security environment is, Schiappa said.

“The security of even massive companies is only as strong as their least security-aware employee, which is why it's so critical for security leaders to implement zero-trust principles and identity access management (IAM) tools like multifactor authentication, VPNs and regular security awareness trainings,” he said.