em360tech image

Swifties hoping for an "Enchanted" evening at the Eras Tour might be facing a "Delicate" situation. Cybercriminals have claimed that they have obtained barcode data for a large number of tickets to Taylor Swift's Eras Tour.

The group causing the "Trouble" is believed to be ShinyHunters and a possible associate Sp1d3rHunters, is demanding a ransom from Ticketmaster in exchange for not leaking the information online.

The hackers posted a sample of the stolen data on an online forum, which included ticket information for Swift's concerts in Indianapolis, Miami, and New Orleans.

The cybercriminal gang further allege to have barcodes for over 30 million additional tickets, targeting other high-profile events including concerts and sporting fixtures.

Who is Behind the Taylor Swift Eras Tour Cyber Attack?

Hacking group ‘ShinyHunters’ have claimed to be responsible for the Taylor Swift Era’s Tour ticket cyber attack.

The hacking gang have posted samples of the data to an online forum and claims to possess an additional 30m million barcodes for more high-profile concerts and events.

ShinyHunters emerged in 2020 and gained a huge “Reputation” for a string of significant data breaches. They appear to target organizations across different sectors, though they've shown a preference for companies using Microsoft Office 365. Their tactics have typically involved exploiting vulnerabilities in cloud storage and authorization systems, though their method in this cyber attack has not been confirmed.

Ticketmaster’s Response

Ticketmaster has denied offering money to the hackers and claimed that the hackers had not been in contact with the company about ransom.

The data appears to be a result of the same hacking group's large-scale attack on Ticketmaster and LiveNation from earlier this month. However, cybersecurity experts confirm that the stolen data would not be useful for gaining access to an arena. 

taylor swift eras tour data leak ticketmaster

Ticketmaster reassured customers that its ticketing technology prevents any leaked barcodes from being used as tickets.

“With Taylor Swift’s Eras tour being one of the most talked about events of the year, it’s no surprise cybercriminals are looking to target the event.” Suzan Sakarya, Senior Manager, EMEIA Security Strategy at Jamf told EM360Tech.

She went on to explain that “as a security measure, Ticketmaster uses dynamic barcodes. This means that the theft of barcode data will be ineffective in creating fake tickets. Therefore, we warn anyone thinking of buying such data to get an Eras ticket to think twice, since it won’t work.”

“Ticketmaster has confirmed they’re refusing to discuss ransom payments with ShinyHunters, which is the correct course of action. Paying ransoms does not guarantee that stolen information won’t be leaked and only fuels ShinyHunters’ future criminal activity,” Sakara explained.

“Whilst Ticketmaster investigates how legitimate this particular breach is, the claims made by ShinyHunters will still be damaging. Ticketmaster is heralded as the safe option so any rumoured breach can jeopardize the brand's reputation. It’s critical that organizations improve their cyber resilience, this includes the implementation of MFA and rigorous patching processes,” She concluded.

What to do if your ticket data has been leaked?

Fans might not be feeling so “Fearless” as concerns mount over if their ticket data has leaked. Luckily Swifties seem to be “Out of The Woods” as the breach is highly unlikely to disrupt a night at the Eras Tour. Ticketmaster has confirmed that its ticketing technology will prevent leaked barcodes from being used as tickets by refreshing barcodes every few seconds.

Keep an eye on Ticketmaster's website and social media for any announcements. If anything changes they will advise on how to verify if your tickets are affected or what steps to take.

However, remain vigilant if you receive emails or calls claiming your tickets are affected and asking for money or personal information, report them as phishing attempts to Ticketmaster and relevant authorities.

If you decide to resell your tickets due to concerns, avoid unofficial channels and stick to reputable platforms with buyer protection policies.

“Long Story Short” fans should keep an eye out for official communications from Ticketmaster, but ultimately “Shake It Off” as the data leak is unlikely to affect fans accessing the stadiums.