Ticketmaster has started sending out warnings to customers that their personal information has been stolen. It is still unknown how many customers are involved.
At the end of May, criminals claimed that they had stolen the data of 560 million Ticketmaster customers. This would involve 1.3 terabytes of data containing names, address details, telephone numbers, order details, and partial credit card details, which were offered for sale for $500,000 on the dark web.

Ticketmaster did not issue a public warning but did inform the U.S. Securities and Exchange Commission (SEC) that a “third-party cloud environment” had been breached and that company data and personal information had been stolen. Ticketmaster and parent company Live Nation subsequently remained silent.
Several security experts from Hudson Rock, whom the alleged perpetrator had contacted, suggested in an article (which they later retracted for legal reasons) that the data had been stolen via Snowflake’s cloud platform: the attacker accessed a Snowflake employee’s account and then used that account to roam Snowflake’s internal systems freely.
In a joint statement with Mandiant and CrowdStrike, Snowflake stated there is no evidence suggesting that compromised credentials of Snowflake personnel caused the unauthorized activity. Instead, they attribute the breach (which has also affected companies like Pure Storage, Advance Auto Parts, and Ticketek) to Snowflake customers who failed to implement proper authorization protections on their accounts.
Nearly a month after the SEC notification, Ticketmaster has now notified several U.S. state attorneys general that it will inform customers, and the sample letter has also been published. In it, the company states that attackers had access to the third-party cloud environment between April 2 and May 18 and stole personal information.

In a statement to Stack Diary, a Ticketmaster spokesperson confirmed that the stolen database contained “limited personal information of some customers who bought tickets to events in North America (U.S., Canada, and Mexico).”
This information “may include email, phone number, encrypted credit card information, as well as some other personal information provided to us by our customers.”
When asked whether Ticketmaster would also reset user passwords, the spokesperson said: “User accounts on the Ticketmaster platform are not affected by this breach, and a password reset is unnecessary.”
Ticketmaster said that they are in the process of notifying relevant customers by either e-mail or first-class mail. If you are not contacted, Ticketmaster does not believe your sensitive information was involved.
In its disclosure sample letter, the company stated that it had taken several ‘technical and administrative’ measures to protect the security of systems and customer data, including changing passwords of the affected cloud environment, checking access permissions, and implementing additional alert mechanisms. No further details were given.
When reporting a data breach to an attorney general, companies often state the number of people affected. In this case, however, Ticketmaster only noted that the number was more than 1,000 people.
Given that multiple credible sources verified the legitimacy of the breach, we can safely assume that the actual number is likely much higher.
Updated at 6/29/2024 21:02 GMT: This article was updated to add an official statement from a Ticketmaster spokesperson.