Data allegedly stolen from 560 million Ticketmaster users

HackerImage source, Reuters
  • Published

A group of hackers say they have stolen the personal details of 560 million Ticketmaster customers.

ShinyHunters, the group claiming responsibility, says the stolen data includes names, addresses, phone numbers and partial credit card details from Ticketmaster users worldwide.

The hacking group is reportedly demanding a $500,000 (£400,000) ransom payment to prevent the data from being sold to other parties.

The Australian government says it is working with Ticketmaster to address the issue. The FBI has also offered to assist, a spokesperson for the US Embassy in Canberra told Agence France-Presse.

A spokesperson for the FBI told the BBC it "has no comment on this matter".

"The Australian Government is aware of a cyber incident impacting Ticketmaster," a spokesperson for the Australia Home Affairs Department said in a statement to the BBC's media partner CBS News.

"The National Office of Cyber Security is engaging with Ticketmaster to understand the incident."

The American website Ticketmaster, one of the largest online ticket sales platforms in the world, has yet to confirm whether it has experienced a security breach.

Cyber security experts are warning that the claims could be false but authorities in Australia, where it was first reported, have confirmed they are investigating.

An advert with some data samples allegedly obtained in the breach have been posted on the website BreachForums - a newly relaunched hacking forum.

ShinyHunters has been linked to a string of high-profile data breaches resulting in millions of dollars in losses to the companies involved.

In 2021 the group sold a genuine database of stolen information from 70 million customers of US telecoms firm AT&T.

In September last year, almost 200,000 Pizza Hut customers in Australia had their data breached.

Image source, EPA

This latest alleged hack coincides with the relaunch of BreachForums, a site on the dark web where other hackers buy and sell stolen material, and information to enable hacks to take place.

The FBI cracked down on the domain in March 2023, arresting its administrator Conor Brian Fitzpatrick, but it has reappeared, according to tech media.

Users of the forums often inflate the scale of their hacking to attract attention from other hackers.

They are often where large stolen databases first appear but can also feature false allegations and claims.

"If Ticketmaster has had a breach of this scale it is important they inform customers but it is important to also consider that sometimes criminal hackers make false or inflated claims about data breaches - so people should not be overly concerned until a breach is confirmed," says security researcher Kevin Beaumont.

Individuals declaring large batches of data in the past have proven to be duplicates of previous hacks rather than newly stolen information.

But if verified, the hack could be the most significant breach ever in terms of numbers and the extent of the data stolen.

This is not the first time Ticketmaster has been hit with security issues.

In 2020 it admitted it hacked into one of its competitors and agreed to pay a $10m fine.

In November it was allegedly hit by a cyber attack which led to problems selling tickets for Taylor Swift's Era's tour.

Earlier this month, US regulators sued Live Nation, Ticketmaster's parent company, accusing the entertainment giant of using illegal tactics to maintain a monopoly over the live music industry.

The lawsuit from the Department of Justice said the firm's practices had kept out competitors, and led to higher ticket prices and worse service for customers.

The BBC has contacted Live Nation for comment.