SecureWorld News

ShinyHunters Hits Ticketmaster with Breach Impacting 560 Million Users

Written by Cam Sivesind | Thu | May 30, 2024 | 7:02 PM Z

The infamous cybercrime syndicate ShinyHunters has struck again, this time claiming responsibility for an absolutely staggering data breach impacting live entertainment giants Ticketmaster and Live Nation. In a brazen announcement, the hacking group says it has compromised personal records belonging to a jaw-dropping 560 million users across the two platforms.

According to posts on the underground Breach Forums, ShinyHunters is looking to sell the purported 1.3 terabyte trove of Ticketmaster and Live Nation customer data for a one-time payment of $500,000. Leaked samples point to the potential exposure of names, email addresses, home addresses, phone numbers, and billing information on a scale rarely witnessed.

Ticketmaster and Live Nation have not yet officially confirmed the breach. However, if ShinyHunters' claims prove legitimate, it could rapidly escalate into one of the most severe data privacy disasters in history given the sheer number of individuals potentially impacted across the entertainment industry.

"If this threat actor really has obtained the personal information of this many people," said Shawn Tuma, Co-Chair, Data Privacy & Cybersecurity Practice, Spencer Fane LLP, "then this event, in conjunction with the many other recent breaches we have seen where large percentages of the population are impacted, serves as yet another reminder that we all should assume that our personal information has been stolen in any number of these attacks, and we each need to take steps to ensure we are protecting our own identity as best as we can. Our information is out there. Nobody else is coming in to protect us. We have to be vigilant and protect ourselves."

"This alleged attack on Ticketmaster is an unpleasant reminder that no organization is immune from cyber threats. However, it's crucial to approach this incident with skepticism until more information is available, as the timing of the data being offered on the relaunched BreachForums site raises questions about its authenticity," said Toby Lewis, Global Head of Threat Analysis at Darktrace. "If confirmed, Ticketmaster must be transparent about the accessed data. Customers can protect themselves by changing passwords and monitoring their accounts, although this may be fruitless if the attackers still have access or if there is no breach in the first place."

ShinyHunters first gained widespread notoriety in 2022 for the headline-grabbing breach of Microsoft's Azure Cloud Platform. Since then, the criminal outfit has been linked to data theft from major corporations like Samsung, Minecraft, and Pixlr. Its standard operating procedure involves hacking into databases, exfiltrating sensitive information, and monetizing the spoils on Dark Web marketplaces.

While their tactics and motivations remain shrouded, ShinyHunters demonstrates the potential devastation posed by sophisticated, financially driven hackers targeting consumer data for illicit profits. Standard security measures appear increasingly futile against these adversaries.

Tom O'Malley, Advisor to The Identity Theft Resource Center and Founder of Frozen Pii LLC, has advice for keeping personally identifiable information (PII) secure, or at least managing PII if an organization you do business with is hacked and your identity is now at risk.

"The Ticketmaster data breach is another reminder that criminals have easy access to your PII to commit identity fraud crimes," O'Malley said. "People can easily protect themselves and their money from criminals using your stolen PII by: 1) checking, correcting, and freezing your credit reports; 2) using unique, complex passwords with multi-factor authentication on your accounts (easily managed with a password manager); and 3) using banking and credit card apps to monitor your financial accounts and set up threshold alerts for unusual activity."

O'Malley continued: "To avoid falling for scams, I've adopted a practice of letting calls from people not in my 'favorites' list roll over to voicemail (bots never leave live voice messages), not responding to any unsolicited email and texts, and not clicking on any email addresses, phone numbers, or websites in unsolicited email and texts. If any email or text allegedly relates to my banking, credit card, merchant, delivery, or other account, I only use the official website or app of that entity to check the current status of that account."

The reported Ticketmaster-Live Nation breach also underscores escalating third-party cyber risks for companies entrusted with customer data. As this situation continues developing, potentially impacted individuals should monitor for any signs of identity fraud or unauthorized transactions on their accounts.

"Potentially affected Ticketmaster customers should closely monitor their email for any new account creations and credit/debit cards for transactions. I also recommend that they create a PIN with their cell phone providers to protect against SIM swaps," said Narayana Pappu, CEO at Zendata. "Ticketmaster has a significant market share of the ticket sale market, and incidents like this can have significant long-term impact. In the past, breaches have led to companies losing market share to key competitors. The Ashley Madison and Equifax breaches are a couple of examples."

For the live events industry already beleaguered by the pandemic's impacts, ShinyHunters' latest alleged mega breach could deal another brutal black eye that erodes consumer confidence and brand reputations for the foreseeable future.

"The good news for Ticketmaster customers is that some of the more sensitive information hasn't been stolen, including full card numbers, so likely this could be used for targeted phishing. This is why the price of the database is so small compared to the number of records. Consumers will see this months from now," said John Bambenek, President at Bambenek Consulting. "Ticketmaster is a near-monopoly in its space. Since the risks customers will face will be in the future in the form of phishing, odds are the impact is minimal. Consumers have become numb to data breaches, which leads to industry complacency."

ShinyHunters has once again demonstrated its technical sophistication and persistence in the face of law enforcement efforts to disrupt its operations. Just weeks after the FBI proudly announced seizing the group's Dark Web data breach forum, ShinyHunters has managed to regain control over the very same domain.

In an audacious move, ShinyHunters leveraged advanced hacking techniques to wrest back administrative access to the confiscated .onion site hosted on the Tor network. They quickly reestablished their notorious data leak marketplace, mocking law enforcement's fleeting "victory" as merely an inconvenient downtime period.

This brazen counterattack highlights the immense challenges authorities face in combating the rising tide of financially motivated cybercrime syndicates like ShinyHunters. Despite considerable resources poured into disrupting their activities, these nimble hacker collectives display a remarkable ability to regroup after temporary setbacks and relaunch their illegal enterprises. For companies unfortunate enough to suffer a ShinyHunters breach, this resiliency means their stolen data remains perpetually at risk of being auctioned off on digital black markets.

"Ticketmaster's recent potential data breach, coupled with the ongoing antitrust lawsuit, could have severe reputational repercussions," said cybersecurity and privacy attorney Violet Sullivan, AVP, Cyber Solutions Team Leader, Crum & Forster. "Even if customers are numb to data privacy concerns, these legal challenges amplify the perception of a company struggling with both security and regulatory compliance."
