The mysterious tale of an alleged breach at Ticketmaster
Add Axios as your preferred source to
see more of our stories on Google.
Illustration: Sarah Grillo/Axios
Ticketmaster may have suffered one of the biggest data breaches of all time, if reports from a nefarious hacking group are to be trusted.
Why it matters: Law enforcement took down the online infrastructure tied to the hackers making these claims just two weeks ago — calling into question how the group reassembled so quickly, and whether the scope of the incident is overhyped.
Driving the news: HackRead, a British trade publication, first spotted a listing Wednesday from the ShinyHunters hacking group on the dark web-based BreachForums, selling data allegedly stolen from Ticketmaster for $500,000.
- The group claims it has data tied to roughly 560 million Ticketmaster customers, including credit card information and customers' home addresses and email addresses.
- Since the initial report, the news has spiraled: The BBC, CBS, Mashable and others are all reporting the alleged breach at Ticketmaster. Even Australian government officials have weighed in.
Yes, but: Ticketmaster has yet to confirm if this stolen data is legitimate, and the listing is on a site that law enforcement claims it took down earlier this month.
- Ticketmaster did not respond to Axios' requests for comments Thursday.
If true, the breach could have huge implications for Ticketmaster: The DOJ and a group of 30 state and district attorneys general filed an antitrust lawsuit against its parent company, Live Nation, last week.
- Ticketmaster's reputation has also been bruised as lawmakers and consumer groups continue to scrutinize its business practices.
Between the lines: Hackers are known to oversell what they've stolen and how powerful they are — especially when caught in law enforcement's crosshairs.
- After the LockBit ransomware gang went offline earlier this year, the group tried re-launching its services by publishing a list of "new" victims on its leak site a week later. But many of those victims weren't actually new.
- This isn't the first time BreachForums has gone down and come back to life: Last March, law enforcement arrested the then-administrator and seized the site.
The big picture: The cybercriminal ecosystem is nuanced, and most people don't understand the dynamics surrounding hackers' posts on these dark web data-selling forums.
- In the absence of an official company statement that either confirms or denies the alleged Ticketmaster breach, misinformation is starting to run rampant.
- Many publications have misconstrued the payment ShinyHunters is asking for as a ransom — although the group is just selling the data to the highest bidder, rather than demanding Ticketmaster pay $500,000 itself.
- The statement by Australian officials has also led many to think this incident has been confirmed, even though the officials have only said that they are working with Ticketmaster to understand what happened.
Zoom in: However, ShinyHunters does have a rich track record.
- The group has been operating since 2020, and has allegedly breached Microsoft and AT&T, too, according to Matt Hull, global head of threat intelligence at the NCC Group.
- Typically, they also break into companies through phishing campaigns and purchasing previously leaked passwords.
