ShinyHunters claims cyber attack on Ticketmaster that compromised over 560 million customers

Live Nation has confirmed that its subsidiary Ticketmaster suffered a significant data security incident that compromised the sensitive personal information of millions of customers.

 

In a filing with the US Securities and Exchange Commission, Live Nation said that on May 20, it “identified unauthorised activity within a third-party cloud database environment containing Company data (primarily from its Ticketmaster LLC subsidiary) and launched an investigation with industry-leading forensic investigators to understand what happened.”

 

The company took steps to mitigate the impact of the incident and notified relevant law enforcement authorities about the same.

 

“We are working to mitigate risk to our users and the Company, and have notified and are cooperating with law enforcement. As appropriate, we are also notifying regulatory authorities and users with respect to unauthorized access to personal information,” Live Nation added.

 

Recently, a hacking group going by the name ShinyHunters claimed responsibility for the data security incident and said it is in possession of 1.3TB of data stolen from the company. The compromised data contains customers’ personally identifiable information, including their names, home and email addresses, phone numbers, ticket sales, order, and event information for 560 million customers.

 

The threat actor has quoted $500,000 in exchange for the entire database allegedly stolen from Ticketmaster.

 

In a conversation with BleepingComputer, ShinyHunters said that interested buyers have already started approaching them for the database, in fact one of the buyers who approached them was Ticketmaster itself.

 

Acknowledging the claims of the threat actor, Live Nation Entertainment, in its SEC filing said, “On May 27, 2024, a criminal threat actor offered what it alleged to be Company user data for sale via the dark web.”

 

“As of the date of this filing, the incident has not had, and we do not believe it is reasonably likely to have, a material impact on our overall business operations or on our financial condition or results of operations. We continue to evaluate the risks and our remediation efforts are ongoing,” it added.