The Department of Home Affairs has confirmed a cyber incident involving Ticketmaster, raising alarms about a massive data breach that could affect millions worldwide.
ShinyHunters Claims Responsibility
CyberDaily reports that the notorious hacker group ShinyHunters claims to have compromised the personal information of 560 million Ticketmaster customers. The stolen data, totaling 1.3 terabytes, includes names, addresses, credit card numbers, phone numbers, and payment details. ShinyHunters is allegedly selling this data for $750,000.
Government and Ticketmaster’s Stance
A spokesperson from the Department of Home Affairs told ABC that they are working with Ticketmaster to fully understand the incident. Further inquiries have been directed to Ticketmaster, which has not yet provided additional details.
Expert Warns of Potential Risks
Cybersecurity expert Mark Lukie highlighted the severe implications for customers, particularly the risk of identity fraud and phishing attacks. Lukie advised users to be vigilant with their emails and cautious about sharing personal information. “Cyber attacks are on the rise, and the more data organizations hold, the more they become targets,” Lukie noted.
Previous Breaches by ShinyHunter
This is not the first breach linked to ShinyHunters. Last year, the group allegedly leaked the personal data of 193,000 Pizza Hut customers. ShinyHunters has a history of large-scale breaches, including data leaks from Tokopedia, Microsoft, Wishbone, and AT&T.
Legal Troubles for LiveNation
This breach comes as Ticketmaster’s parent company, LiveNation, faces a lawsuit from the US Department of Justice (DOJ). The DOJ accuses LiveNation of maintaining an illegal monopoly in the live event industry, inflating ticket prices, and stifling competition. The lawsuit, backed by 30 state and district attorneys-general, challenges LiveNation’s market dominance.
LiveNation, which distributed over 620 million tickets in 2023, dismissed the lawsuit as a potential “PR win for the DOJ” with little impact on ticket prices.
Details of the Data Breach
ShinyHunters posted the stolen data on a popular hacking forum, detailing information on 560 million customers in 16 folders, each containing dozens of gigabytes. The sample data includes hashed credit card numbers, expiration dates, fraud details, customer names, addresses, and emails. Another hacker on a different forum also claims to have the same data, though their connection to ShinyHunters is unclear.
The Track Record of ShinyHunters
ShinyHunters has been involved in several high-profile data breaches since May 2022. Their targets have included Indonesian e-commerce giant Tokopedia and major companies like Microsoft and Wishbone. They leaked data of 70 million AT&T subscribers and compromised other companies such as Home Chef, Star Tribune, and Pixlr. The group’s leader is linked to the BreachForums hacking community, which was recently revived after being seized by international law enforcement.
Contact Efforts and Ongoing Concerns
ShinyHunters told Hackread.com that attempts to contact Ticketmaster have been unsuccessful. CyberDaily has also reached out to Ticketmaster for comments, but it remains unclear if any Australian customers are directly affected by the breach.
As the situation unfolds, customers and cybersecurity experts are closely monitoring the fallout from this significant data breach. The incident underscores the ongoing vulnerability of consumer data and highlights the persistent threat posed by sophisticated hacking groups like ShinyHunters.