Customer Data Breached in Ticketmaster Cyber Attack

Australia's Department of Home Affairs is working with Ticketmaster after a cyber attack allegedly allowed hackers to steal the data of over half a billion customers.

The attack, claimed by the hacker group ‘ShinyHunters’ on Wednesday,  allegedly allowed the hackers to steal 1.3 terabytes of data, including names, addresses, emails, phone numbers, and credit card information. This massive database of stolen data has allegedly been published on the criminal site ‘Breach Forums.’

Ticketmaster has not officially confirmed the breach, but Australian authorities have acknowledged the cyber attack and are working with the company to understand its impact.

The FBI has also offered assistance to Australian authorities, a US embassy spokesperson stated. If confirmed this would be one of the largest cyber attacks in history, impacting a significant portion of Ticketmaster's global customer base.

“This is another example of why breach containment is paramount. Hackers have two aims which are to achieve maximum profitability or to cause maximum disruption.

In this case, it appears attackers were able to make their way across the company’s network to reach and exfiltrate sensitive data, which if true, will be hugely concerning to its millions of customers – especially now that this data appears to be for sale on the dark web,” Raghu Nandakumara, Head of Industry Solutions at Illumio told EM360Tech.

 “It’s imperative organisations can see all risks and isolate breaches quickly when they do occur, and this requires a shift away from the traditional “find and fix approach” to “limit and contain.” Ultimately, the longer it takes to identify, mitigate and resolve an attack, the higher the cost, so companies must always start with an “assume breach” mindset.” 

Who is Behind the Ticketmaster Cyber Attack?

Hacking group ‘ShinyHunters’ have claimed to be responsible for the most recent Ticketmaster cyber attack. The group has publically requested a payment of $500,000 for the database via the criminal site ‘Breach Forums.’ Before putting the database for sale on the criminal market, ShinyHunters claims to have reached out to Ticketmaster-Live Nation in an extortion attempt however the company allegedly did not respond.

ShinyHunters emerged in 2020 and gained notoriety for a string of significant data breaches. They appear to target organizations across different sectors, though they've shown a preference for companies using Microsoft Office 365. Their tactics have typically involved exploiting vulnerabilities in cloud storage and authorization systems, though their method in the Ticketmaster cyber attack has not been confirmed.

560 million customers' data compromised

ShinyHunters alleges to have obtained a massive 1.3 terabytes of data, compromising personal information from over 560 million customers. This is incredibly valuable to cybercriminals who can use it for:

1. Identify Theft: Personal details like names, addresses, phone numbers, and credit card information creates a prime opportunity for identity theft. Criminals could use this data to open new fraudulent accounts, make purchases, take out loans or file fake tax returns.
2. Targeted Phishing Attacks: By utilizing stolen personal information cybercriminals can craft highly personalized phishing emails or phone calls. This increases the chances of tricking victims into revealing more sensitive information like passwords, social security numbers, or financial details.
3. Account Takeover: Using personal information and weak passwords, criminals can attempt to hijack victims' accounts on Ticketmaster, email providers, social media platforms, or even bank accounts. Once in control, they could steal further personal data, make unauthorized transactions, or spread malware.

This is not the only cyber attack on Ticketmaster in recent history. In November 2022, the ticket giant claims to have been hit by another disruption, which caused widespread frustration among fans attempting to purchase tickets for Taylor Swift's "Eras Tour."

Ticketmaster attributed the problems to a malicious bot attack, stating that the volume of automated attempts overwhelmed their systems. However, some critics questioned this explanation, suggesting that infrastructure limitations may have played a more significant role in the website's struggles.

What to do if your data has been leaked?

If you are concerned that your information has been exposed in the Ticketmaster, or any, cyber attack the most important thing you can do is change your passwords. 

After changing your passwords ensure that you set up multi-factor authentication. This adds an extra layer of protection to your accounts, making it much harder for hackers to gain access. MFA requires you to provide two or more pieces of evidence to verify your identity when you log in. Even if threat actors have been able to access your password they will not be able to log in without further authentication.

Read: Top 10 MFA Providers for 2024

Be vigilant about potential phishing emails. Scammers might use the breach to send emails pretending to be Ticketmaster. These emails could attempt to trick you into revealing personal information or clicking on dangerous links. Don't click on links or attachments in suspicious emails, and be wary of emails urging immediate action.

Finally, make sure to monitor your financial accounts - which is good general practice. Keep an eye out for any unusual activity on your bank statements. If you notice anything suspicious, report it to your bank immediately.