Ticketmaster breached Ticketmaster breached
Photo: Ticketmaster

Ticketmaster breached? A reputable source says “yes”.

A number of news sites set a fire ablaze based on a rumor.

Many publications ran a story on Wednesday, May 29th, 2024, stating with great confidence that Ticketmaster had been breached and that data of 560 million users was for sale. The story was run at the back of a “rumor” wherein someone on the dark web breach forums posted the data for sale ($500k for 1.3TB of data), but that someone had no reputation for previous breaches. Later that day, an administrator called ShinyHunters reposted the thread, which just happened to be the only credibility this story had. And journalists still ran with it.

Some news sites went even further with stupidity by saying that the Australian Home Affairs have “confirmed” the breach. This is false. Australian Home Affairs is only looking into the rumors themselves. The government agency is only aware of the rumors, and it will have to be Ticketmaster themselves who confirm the data breach with US authorities, as required by the law.

This is a fake headline created by a “reputable” news site, which later got quoted by other journalists.

Now, as for the title of this story, vx-underground, a well-known collective in the cybersecurity community that focuses on collecting and disseminating malware samples and information, has provided an update to this story, and it appears they have been given sample data to verify its legitimacy.

Today we spoke with multiple individuals privy to and involved in the alleged TicketMaster breach. Sometime in April an unidentified Threat Group was able to get access to TicketMaster AWS instances by pivoting from a Managed Service Provider. The TicketMaster breach was not performed by ShinyHunters group. 

ShinyHunters is the individual and/or group which posted the auction of the data, they are acting as a proxy for the Threat Group responsible for the compromise. Based on data provided to us by the Threat Group responsible for the compromise, we can assert with a high degree of confidence the data is legitimate. Date ranges in the database appear to go as far back as 2011.

However, some dates show information from the mid-2000's. Data shared with us includes:

- Full name

- Email address

- Address

- Telephone number

- Credit card number (hashed)

- Credit card type, authentication type, etc

- All user financial transactions

NOTE: The data provided to us, even as a 'sample', was absurdly large and made it difficult to review in depth. We are unable to verify the authenticity of financial information. Briefly skimming the PII present in the dump, it appears authentic.

The above statement was copied verbatim from this tweet.

Here is an image of the original BreachForums thread that was reposted by ShinyHunters:

Credit: James H

So even though we have an actual reputable source (vx-underground) that provided additional details and suggests this is a legitimate data breach, Ticketmaster has yet to respond with either denial or confirmation.

Ticketmaster provided no reply to Stack Diary at the time of publication.

The breach’s initial publication, based on unverified rumors from a low-reputation source, underscores the need for rigorous fact-checking in journalism, especially regarding cybersecurity incidents.

Erroneous claims about confirmation from Australian Home Affairs illustrate how misinformation can quickly propagate, potentially causing unwarranted panic and confusion among the public and stakeholders.

Assuming this gets confirmed

The potential implications of the Ticketmaster data breach are far-reaching and concerning, especially when considering the nature of the data reportedly compromised. Among the information shared are full names, email addresses, home addresses, and telephone numbers.

Even if you’re new to the world of data security, it’s important to understand how malicious actors can misuse such information.

  • Your full name is a key piece of personal identification. Scammers and identity thieves can use your name for phishing for more information by pretending to be someone you trust, like a bank representative. They might also create fake identities to commit fraud by combining your name with other stolen data.
  • An email address is often the gateway to many of your online accounts. With it, scammers can send phishing emails designed to steal your passwords, credit card numbers, and other sensitive information. Additionally, they can flood your inbox with unwanted emails, which can sometimes contain malware.
  • Your physical address can be used in several harmful ways. Scammers might send letters or packages that seem legitimate but are designed to deceive you into providing more information or money. Knowing where you live could also expose you to risks like theft or stalking.
  • Your phone number can be a tool for direct contact by scammers. They may make scam calls, pretending to be from reputable organizations, trying to get you to disclose personal information or make payments. Similarly, they might send phishing texts containing links to fraudulent websites designed to steal your information.

Given these risks, there are some important steps you can take to protect yourself. Be skeptical of unsolicited contact, whether it’s through emails, phone calls, or physical mail. Always verify the identity of anyone who contacts you out of the blue, and don’t provide personal information unless you are sure of the person’s identity. Regularly monitor your bank and credit card statements for unauthorized transactions, and check your credit reports for signs of identity theft, such as unexpected credit inquiries or new accounts you didn’t open.

Using strong, unique passwords for different accounts and enabling two-factor authentication (2FA) where possible adds an extra layer of security. Report any suspicious activity to local authorities, relevant organizations, and your financial institutions immediately if you suspect your financial information has been compromised.

Understanding the potential misuse of your personal information is the first step in protecting yourself against scams and identity theft.