The personal and credit card data of more than half a billion Ticketmaster users has reportedly been stolen as part of a cyber incident currently under investigation. Australian authorities are working with Live Nation and Ticketmaster on the incident, but limited details have been released. Australia's Department of Home Affairs stated it is "working with Ticketmaster to understand the incident." Neither Ticketmaster nor its parent company have issued a statement.
The "Hacker" group ShinyHunters has claimed it cracked the Ticketmaster system and accessed some 1.3 terabytes of data, which includes names, addresses, credit card numbers, phone numbers, and payment details. The information of more than 560 million customers globally is reportedly for sale on the dark web, with an asking price of $500,000. It is not clear which markets are most impacted.
This is not the first time Ticketmaster has experienced a data breach.
The personal and payment details of nearly 10 million users were accessed in 2018. That led to a £1.25 million fine for the company. Ticketfly, a subsidiary of Eventbrite that was subsequently shut down, suffered a data breach impacting an estimated 27 million users six years ago.
Ticketmaster and other ticketing systems use massive data-harvesting technology as a part of their operations and sales pitch to event organizers, requiring customers to use a mobile app to access tickets. The harvested data is shared with event operators and is sold to third parties without further user consent.
When asked in public testimony what data the company could access from users on these systems, a then-executive testified that the company shared or sold no more than "name, phone number, email address." But its terms and conditions and privacy policy show a far wider spectrum of what they can take from users through these apps. Should the hacker's claims prove true, the breach would be among the largest ever reported. Dave Clark "Ticketmaster Hack: Data of Half a Billion Users Up for Ransom" ticketnews.com (May 30, 2024)
Commentary
Depending upon how much information was stolen, the two most likely ways this information will be leveraged will be phishing or impersonation attacks, either through texts or email.
Bad actors that access the information on the dark web will likely craft spear phishing emails or texts posing as Ticketmaster or another third party, "warning" them of the breach. The text or email may contain incorrect grammar, spelling, or poor punctuation. Most likely, the contact will contain a "help" link, asking the recipient to log in and change their password and payment method. The link is, of course, to a website made to look like legitimate.
Remind employees of cybersecurity best practices, paying particular attention to areas of increased risk, including phishing and other social engineering tactics.