A group of cybercriminals claims they have stolen personal data from more than 100,000 people 500 million Ticketmaster customers. While the event ticketing service, owned by Live Nation Entertainment, has not confirmed the attack, security experts warn it could put users of the platform at risk for a range of scams.
The hackers, called ShinyHunters, said in an online forum that they have gained access to Ticketmaster customer information and plan to sell the data. But Jared M. Smith, an engineer at SecurityScorecard, a company that monitors breaches of Internet computer networks, cautioned that it remains to be seen whether the theft is real.
“It’s still not verified. We don’t know if the hackers who posted it are making this up or not, we’re waiting for that,” he said. “It could be part of a publicity stunt.”
Here’s what you need to know about what kind of data may have been exposed and how you can protect yourself.
What is ShinyHunters?
The hacking group emerged in 2020 and attracted attention the following year when it exposed vast amounts of customer data from more than 60 companies.
According to the Justice Department, the ShinyHunters stored and sold stolen data on the “dark web,” including customer databases containing personal and financial information. Members of the group also used social media to recruit potential buyers for the data, sometimes alerting the media to their exploits and posting images on a website that appeared to show stolen material. The targets included a range of companies and millions of consumers.
Sebastien Raoult, a French computer hacker and member of ShinyHunters, was sentenced in January to three years in prison and ordered to pay more than $5 million in restitution after pleading guilty to conspiracy to commit wire fraud and aggravated identity theft.
ShinyHunters may not have hacked Ticketmaster, but could instead effectively serve as a middleman by selling the customer data, experts noted. The group’s message stated that the data was for sale for $500,000 in a “one-time sale.”
How many people may be affected?
ShinyHunters said it obtained personal information from 560 million Ticketmaster customers. While this would be one of the biggest cyber thefts of all time, one expert said some of the information the group claims to have stolen was likely already publicly available.
“The reality is that there’s a lot of data missing, and that sounds really bad. But from a practical point of view, how many people have had information stolen that isn’t yet available? A lot of it is public,” cybersecurity expert Joseph Steinberg told CBS MoneyWatch . “The raw data itself probably reveals much less than it seems. We sometimes get impressed by numbers, but what is much more important is the quality of the data and what it means.”
What type of information was allegedly made public?
ShinyHunters said it obtained the names, addresses, phone numbers, transactions and partial credit card information from Ticketmaster, which Smith described as a “juicy” trove of data for bad actors.
“It’s a lot of information that you don’t often see together. Often hackers just get usernames and passwords, and sometimes payment information. But you don’t often see addresses and previous purchases, and all that together would make a pretty perfect set for a group to set up sites that resemble Ticketmaster sales partners to target consumers who they know have previously purchased event tickets,” he told CBS MoneyWatch.
“This breach would prey on a very easy target to scam people into buying counterfeit tickets,” Smith added.
What is Ticketmaster doing about the alleged attack?
Nothing yet. The company has not verified the alleged cyberattack. There was no immediate response to a request for comment.
The Australian government said Thursday it is investigating the hacking group’s claims. The FBI has offered assistance to Australian authorities, a spokesperson for the US embassy in Canberra told Agence France-Presse.
“The Australian Government is aware of a cyber incident impacting Ticketmaster,” an Australian Department of Home Affairs spokesperson said in a statement to CBS News. “The National Office of Cyber Security is working with Ticketmaster to understand the incident.” The department also urged people with “specific questions about this incident” to contact Ticketmaster.
What should Ticketmaster users do now?
First, and crucially, consumers should assume they are at risk of being hacked, Steinberg said, emphasizing the need for people to have the right mindset. For example, a consumer who believes he is being targeted by hackers will think twice before clicking on a link that will give him concert tickets for his favorite band from an unknown entity.
“You have to internalize the fact that you are a target. People who believe they are targeted behave differently than people who don’t,” he said.
Regarding Ticketmaster, Smith urged consumers not to click on concert ticket sales links they don’t recognize, and to call the service’s support line to verify any offers.
“Someone who thinks they’re not being targeted would say, ‘Wow, this is great, not thinking they got the data from the Ticketmaster breach and socialized it,’” Steinberg said.
More generally, Steinberg recommended that people use two-factor authentication to protect their accounts.
