HQ/EMEAFind out how we can help your business
The notorious ShinyHunters threat group is selling what they claim is the personal and financial information of about 560 million Ticketmaster users on the recently relaunched BreachForums hacking forum. Based on reports, these purported stolen data are sold for half a million dollars.
The reportedly stolen databases, first listed for sale on the Russian hacker site Exploit, contain 1.3TB of data, including customer details such as names, home and email addresses, phone numbers, ticket sales, orders, and event information.
In addition, the threat actors also claim that the offered database also contains customer credit card information, such as hashed credit card numbers, the last four digits of the card numbers, credit card and authentication types, and expiration dates for financial transactions from 2012 to 2024.
The threat group said that Ticketmaster is one of the potential buyers of the data.
ShinyHunters disclosed that there are prospective purchasers for the data, and they believe one of them is Ticketmaster. However, these actors remained silent on how the data was stolen and have yet to disclose where they acquired the data.
On the other hand, a separate research group claimed to have communicated with some threat actors who reportedly breached Ticketmaster. They claimed they could take data from the company’s AWS instances by pivoting from an MSP.
Further research also shows that the alleged stolen data appears to be from Ticketmaster, but it remains to be verified as neither the affected entity nor the federal law enforcement agencies have confirmed the issue.
These recent incidents are not the only concern of the affected company. Last week, the US Department of Justice and a bipartisan coalition of about 30 state attorneys general sued Live Nation Entertainment and its Ticketmaster subsidiary for anticompetitive behaviour and violating the Sherman Antitrust Act by monopolising the live event market.
Customers have already launched a proposed class action lawsuit against Ticketmaster and its parent company, Live Nation, over the alleged data leak. The action covers residents of the United States who the alleged violation has compromised.
The plaintiffs seek punitive damages, actual damages, and attorneys’ fees, as well as an order compelling Ticketmaster to pay for credit-monitoring services and disclose what consumer data was compromised in the event.
The potentially affected individuals should monitor their digital presence and look out for unsolicited communications since the alleged stolen data may have already landed in the wrong hands, which would cause other malicious activities.
