On May 29, Australian authorities announced they were investigating a claim by cybercriminal group ShinyHunters that it had stolen personal data and order information from Ticketmaster customers. ShinyHunters reportedly has demanded $500,000 from the world’s largest seller of event tickets to avoid selling the customer information database to someone else.
Ticketmaster has not confirmed whether the claim is genuine or that customer data has indeed been compromised. If true, the breach would be one of the largest data thefts in history.
Cybersecurity experts say that ShinyHunters may not have stolen customers’ data, but instead is acting as an intermediary for the real data thieves. The relatively low amount of the group’s purported ransom demand for such a large database suggests that may be the case, or that much of the information is already widely available on the dark web.
Nonetheless, the hackers claim to have email addresses, mailing addresses, phone numbers, order information, and partial credit card details belonging to 560 million Ticketmaster customers.
“It’s a lot of information you don’t often see together,” said Jared M. Smith, a cybersecurity expert at SecurityScorecard, a company that monitors data breaches. “Often hackers just get usernames and passwords, and sometimes payment information. But you don’t often see addresses and past purchases, and that would make quite a perfect setup for a group to put up sites that look like Ticketmaster sales partners to target consumers they know have purchased event tickets before.”
Cybersecurity experts recommend that all Ticketmaster customers be vigilant for unsolicited ticket offers from companies that look like Ticketmaster, especially if they’re promising huge discounts. Scammers are getting very good at spoofing legitimate websites, so victims think they’re buying real event tickets or other products but just give up their money to a scammer.