Ticketmaster is urging users to carry out checks, after a hacker group has claimed to have stolen personal data from over 560million users.
According to a report by Hackread (via Billboard), the compromise in data was carried out by a well known hacker group called ShinyHunters, who claim that they have stolen 1.3 terabytes of data from Ticketmaster.
Details obtained from the 560million customers include full names, addresses, email addresses, phone numbers, ticket sales and event details, order information, and partial payment card data. They are threatening to sell the data for $500,000 (£393,800).
Live Nation, which owns Ticketmaster, has yet to acknowledge whether the reported data breach has in fact taken place. That being said, officials in Australia’s Department of Home Affairs did tell the Australian Broadcasting Company that it was aware of a cyber incident that could potentially impact millions of Ticketmaster customers globally. A spokesperson also said that it is “working with Ticketmaster to understand the incident” (as per Consequence).
“Right now, since we only have the attackers’ words to go on, it’s too early to make any firm statements about whether there was a breach and what, if any, data was stolen,” said Christopher Budd, director, threat research, Sophos (via The Sun).
“Regardless of whether the breach is legitimate, the attackers have been successful in drawing attention to a criminal forum that was recently taken down. As with many take downs like this, we often see the sites rebooted, so organisations should never let their guard down.”
Reports of the data breach come just days after the United Justice Department filed a sprawling antitrust lawsuit against Live Nation, and alleged that the ticket giant has taken abusive steps to remove competition in the United States.
Jake Moore, a Global Cybersecurity Advisor at cybersecurity firm ESET, told The Sun that he advises Ticketmaster customers to change their password on the site as soon as possible. He also urged users to keep an eye out for follow-up emails from the company asking for information.
“The amount of highly personal data in this extremely large breach makes this extra worrying for all those involved. Ticketmaster is choosing not to pay the ransom which is slowly becoming more common as aftermath clean-ups improve,” he said.
“As the sensitive information is now up for sale, those affected must remain extra careful, change their passwords and steer clear of follow-up emails, texts and calls claiming to be from companies and requesting information. High profile data breaches can have long-lasting effects on customers including identity theft and financial fraud.”
In other Ticketmaster news, in October last year the company announced a new plan to allow fans to contribute directly to the Music Venue Trust (MVT) to help support UK grassroots venues.