Half a billion Ticketmaster customers’ data allegedly stolen in major hack
Hundreds of millions of Ticketmaster customers could be at risk after hackers allegedly stole their data – including partial credit card details.
The breach, which has not been confirmed by Ticketmaster, was carried out by hacking group ShinyHunters, who say they have the details of 560 million customers.
In 2021, the group hacked US telecoms company AT&T, stealing 70 million customers’ data including social security numbers before selling it on the dark web.
It is now offering the 1.3 terabytes of data stolen from Ticketmaster for $500,000, having reportedly first tried to extort a $750,000 ransom for the information from the company.
While Ticketmaster has not yet commented publicly, Australia’s Home Affairs Department has confirmed a ‘cyber incident impacting Ticketmaster customers’.
The treasure trove of data is said to contain customers’ full names, addresses, phone numbers, email addresses and partial payment data, which includes the last four digits of their credit cards and card expiration dates.
It is not yet known how the attack was carried out.
Metro.co.uk has contacted Ticketmaster for comment.
May has been a bad month for the company, which operates in more than 35 companies. Last week the US Department of Justice (DOJ) sued Ticketmaster and its parent company Live Nation for monopolising the ticket sales landscape.
@Ticketmaster is such a joke. @usopen @AmericanExpress presale starts at 9am today. Tickets are already up for resale at $300 for the third bowl...on a Thursday. I’m not paying those prices. @usopen needs to fix this. This is the first year in 24 years that I’m not going.
— Eventually Dr Nickolas (@StephNickolas) May 28, 2024
In a statement, the DOJ said: ‘As a result of its conduct, music fans in the United States are deprived of ticketing innovation and forced to use outdated technology while paying more for tickets than fans in other countries.
‘At the same time, Live Nation-Ticketmaster exercises its power over performers, venues, and independent promoters in ways that harm competition.’
Customers have also long complained about Ticketmaster and its prices, but today the bigger concern is its security.
Customers have often complained about Ticketmaster prices (Picture: Getty)
Professor Nigel Phair, from the department of software systems and cybersecurity at Monash University in Melbourne, said: ‘Significant data breaches are becoming all too common. The current legislative approach is clearly not working, as organisations are still not putting sufficient effort into cyber risk management.
‘It is troubling that Ticketmaster has not made any public statements regarding this data breach. Organisations need to be more proactive in their communications and inform the public what has happened and how they are remediating the situation.
‘Consumers need to remain hyper-vigilant in the online world and be on the lookout for unusual emails, SMS or phone calls. They should also look for any suspicious credit card transactions.’
How to stay safe following a hack
In addition to staying alert for unknown payments, Ticketmaster users should also change their password, using a brand new combination – never use the same password for multiple sites.
Keeping the software on your devices up to date is also important, as they include important security features.
If possible, install antivirus software on all devices, including your phone.
Following a hack, the most common attacks on customers involve phishing – sending scam emails or texts that include a link or links to malicious websites. These can look incredibly realistic, and following a hack, cybercriminals are more likely to have personal information that can make it look legitimate – for instance, using ‘Dear Sarah’ instead of ‘Dear Customer’.
Phishing scams will often try to instil a sense of urgency and rush you into clicking through and sharing further information, such as urgent requests for payment to complete a delivery, or a bank informing you of suspicious activity.
Remember, no real company would ever rush you into action. If you receive anything urging you to act, contact the company directly to check if the communication is really from them.