Ticketmaster Can’t Seem to Shake It Off

Diane here, COO and the least technical member of our group! I’ll occasionally take control of our blog to give y’all a break from hearing from Kyle. My posts will focus more on things happening in mainstream media or whatever I find interesting, relevant, or scandalous. Enjoy! 🖤

What’s worse than finding out the Department of Justice is suing you? Finding out that you’ve been hacked. Ticketmaster won the bad-day lottery and will be fighting two battles at once.

Let’s make sure we are all caught up first, in case you haven’t been following the happenings of Taylor Swift over the past two years (#karmaistheguyonthechiefs!)…

You might have heard about the controversy surrounding Ticketmaster and Taylor Swift’s The Eras Tour sales – people were waiting several hours waiting to get in to purchase tickets only for tickets to be over $1,000 a seat. Ticketmaster was in some serious hot water, even the former Pennsylvania Attorney General got involved. This debacle made for some serious frustrated Swifties.

In the last few months:

The Department of Justice (DOJ) sues Ticketmaster (and parent company, LiveNation Entertainment) over alleged monopoly.
Ticketmaster learns of hack involving the data of more than 500 million customers.

Talk about a rough day for their legal team! However, for the purposes of this post, we are going to stick to the hack and answer the following questions:

What happened?
Who is behind the attack?
Who is Impacted?
What is Ticketmaster’s Response?
Are there any consequences for Swift fans?
What can I do?

What happened?

On May 31, 2024 Ticketmaster confirmed through a filing with the U.S. Securities and Exchange Commission (SEC) that they had “identified unauthorized activity within a third-party cloud database environment.” Meaning, they were hacked. This unauthorized activity occurred between April 2, 2024 and May 18, 2024 (46 days). On May 23, 2024, they determined customer data may have been involved (see Ticketmaster email below).

Who is behind the attack?

It’s believed ShinyHunters, a hacking group formed in 2020 was responsible for the breach. Their modus operandi seems to be obtaining and selling personal records. Previous targets included HomeChef, Microsoft, AT&T, among others. In January 2024, a 22-year-old French citizen linked to ShinyHunters was sentenced to 3 years in prison and ordered to pay over $5 million in restitution for hacks unrelated to this one.

ShinyHunters posted on a breach forum claiming they had the identifying information for 560 million Ticketmaster customers and they were asking $500,000 for the data.

Who is impacted?

The information of 560 million Ticketmaster customers is involved in this leak, including names, addresses, credit/debit card numbers, phone numbers, and ticket sales. At this time it does not look like passwords were leaked, however it’s still advised that you change your password.

What is Ticketmaster’s response?

Ticketmaster sent customers an email on July 3, 2024 (41 days after learning about the incident). Below is an excerpt from that email. You can find the whole email pictured below.

“We have been diligently investigating this incident with the assistance of outside experts. We have also contacted and are cooperating with federal law enforcement authorities, and this notice has not been delayed due to law enforcement investigation. We have additionally taken a number of technical and administrative steps to further enhance the security of our systems and customer data. These measures include rotating passwords for all accounts associated with the affected cloud database, reviewing access permissions, and increased alerting mechanisms deployed in the environment.”
Ticketmaster email to registered users

Potential implications for Swifties

While drafting this post, we learned about an update to this hack. On July 4, ShinyHunters announced they stolen 440,000 tickets to Taylor Swift’s The Eras Tour, among other tickets and barcodes. According to Hackread, in the announcement ShinyHunters suggested Swift perform in front of Congress which highlights the severity of this hack and the public exposure this will receive. ShinyHunters claims this is the largest leak of personally identifiable information (PII) to date. ShinyHunters have since increased their ransom demand to $8 million since they now realize they are sitting on approximately $22 BILLION dollars worth of tickets.

What can I do?

If you have bought tickets through Ticketmaster, you should immediately change your password (as soon as you are done reading this). Make sure you practice good password hygiene by…

not repeating passwords (or slight variations of a password)
use identifiable information like your pet’s name, your kid’s name, the street you grew up one, etc.
have strong passwords that include a combination of lowercase letters, uppercase letters, numbers, and symbols
use a password manager so you only have to remember one password

You can also consider getting dark web monitoring on your accounts and credit reports so you will be alerted to suspicious activity (as Ticketmaster’s email offers). Ultimately, it’s up to you to decide how you respond to Ticketmaster’s email, but Kyle (CEO of AbsolutelyNothing) doesn’t think that free darkweb monitoring is what is actually valuable and you can certainly watch updates to his correspondence on this LinkedIn Post.

This is a real-time case study into what happens when companies don’t protect our data. This is reason 440,000 why we, as digital citizens, need to understand what data points companies are collecting from us when we use their services. Here at AbsolutelyNothing we aim to help you be a better informed digital citizen who can hold companies who mess up accountable, and we will provide tools to help you get there. If you like what we are doing, consider hitting that Buy Us a Coffee button.

Until next time,

Diane

a screen shot of an email from ticketmaster outlining alerting registered users to a potential hack and letting them know how to redeem darkweb monitoring.