Ticketmaster owner Live Nation confirmed “unauthorised activity” on its database after a group of hackers said they had stolen the personal details of 560 million customers.
ShinyHunters, the group claiming responsibility, says the stolen data includes names, addresses, phone numbers and partial credit card details from Ticketmaster users worldwide.
The hacking group is reportedly demanding a $500,000 (£400,000) ransom payment to prevent the data from being sold to other parties.
In a filing to the US Securities and Exchange Commission, Live Nation said that on 27 May “a criminal threat actor offered what it alleged to be Company user data for sale via the dark web”, and that it was investigating.
The number of customers affected by the data breach has not been confirmed by Live Nation.
The Ticketmaster breach was first revealed by hackers who posted an advert for the data on Wednesday evening. Ticketmaster refused to confirm it to reporters or customers and instead notified shareholders late on Friday.
The Australian government said it is working with Ticketmaster to address the issue. The FBI has also offered to assist, a spokesperson for the US Embassy in Canberra told Agence France-
A spokesperson for the FBI told the BBC it “has no comment on this matter”.
In its filing, Live Nation said it was working to “mitigate risk” to its customers and that it was notifying users about the unauthorised access to their personal information.
“As of the date of this filing, the incident has not had, and we do not believe it is reasonably likely to have, a material impact on our overall business operations or on our financial condition or results of operations. We continue to evaluate the risks and our remediation efforts are ongoing”, it added.
American website Ticketmaster is one of the largest online ticket sales platforms in the world. This hack is one of the biggest in history in terms of global victims but it’s not yet clear how sensitive the data is that is in the hands of cyber criminals.
Researchers are also warning that it’s part of a larger ongoing hack involving a cloud service provider called Snowflake which is used by many large firms to store data in the cloud. Snowflake notified customers of an increase in cyber threat activity targeting some of its customers’ accounts.
On Friday, Santander confirmed it had data from an estimated 30m customers stolen which was being sold by the same hacking group as the Ticketmaster hackers. It added that “UK customer data was not affected or lost in the hack”.
It’s thought these hacks are all linked and many others could become public.
An advert with some data samples allegedly obtained in the breach have been posted on the website BreachForums – a newly relaunched hacking forum on the dark web where other hackers buy and sell stolen material, and information to enable hacks to take place.
ShinyHunters has been linked to a string of high-profile data breaches resulting in millions of dollars in losses to the companies involved.
In 2021 the group sold a genuine database of stolen information from 70 million customers of US telecoms firm AT&T.
In September last year, almost 200,000 Pizza Hut customers in Australia had their data breached.
The FBI cracked down on the domain in March 2023, arresting its administrator Conor Brian Fitzpatrick, but it has reappeared, according to tech media.
Individuals declaring large batches of data in the past have proven to be duplicates of previous hacks rather than newly stolen information.
If the data hack is as large as claimed by ShinyHunters, the hack could be the most significant breach ever in terms of numbers and the extent of the data stolen.
This is not the first time Ticketmaster has been hit with security issues.
In 2020 it admitted it hacked into one of its competitors and agreed to pay a $10m fine.
In November it was allegedly hit by a cyber attack which led to problems selling tickets for Taylor Swift’s Era’s tour.
Earlier this month, US regulators sued Live Nation accusing the entertainment giant of using illegal tactics to maintain a monopoly over the live music industry.
The lawsuit from the Department of Justice said the firm’s practices had kept out competitors, and led to higher ticket prices and worse service for customers.
What to do if you are worried you have been affected
Experts say it’s important not to panic but to be alert, if you think you may be a victim.
Watch out for bogus emails, messages and phone calls – hackers can sometimes use the details they have to trick victims into revealing more information.
In some cases scammers may try and exploit the fear caused by the hack as a way of trying to persuade you to share information.
Be especially suspicious of:
official-sounding messages about “resetting passwords”, “receiving compensation”, “scanning devices” or “missed deliveries”
emails full of “tech speak”, designed to sound more convincing
being urged to act immediately or within a limited timeframe
In 2018 when a hack put some Ticketmaster customer information at risk, UK officials also suggested users kept an eye on their financial accounts for suspicious activity. They also advised changing your password for Ticketmaster and on any other sites using the same password
BBC