Ticketmaster has confirmed a substantial data leak took place after reports emerged last week that over half a billion users were affected.
Live Nation, the entertainment giant that owns Ticketmaster, confirmed "unauthorized activity" on its platform, in a breach conducted by notorious hacker group ShinyHunters. The group is demanding a one-time price of $500,000 for the data they acquired, which includes names, email addresses, order history, phone numbers, and some financial details, like partial credit numbers and card expiration dates.
What is Live Nation saying?
In a filing to the US Securities and Exchange Commission by Live Nation, the company said the breach occurred on May 20, and further confirmed that "a criminal threat actor offered what it alleged to be Company user data for sale via the dark web" on May 27.
Until the filing, Live Nation had not commented on the breach. Ticketmaster did not confirm the breach either, instead informing shareholders on May 31.
What happens now?
Live Nation wrote in its filing that the company is working to mitigate risks to users and to the company itself, cooperating with law enforcement in the process.
"As appropriate, we are also notifying regulatory authorities and users with respect to unauthorized access to personal information," reads the statement.
Live Nation said it is continuing to "evaluate the risks" associated with the breach, and does not believe the incident has a material impact on its business and operations at the time of filing.
Last week, the Australian government confirmed that it is helping Ticketmaster to address the issue, while authorities in the US are reportedly speaking with Ticketmaster to understand the issue.
The stolen data was hosted on Snowflake, a cloud storage and analytics company which released its own statement yesterday addressing "an increase in cyber threat activity". The company also said it is conducting an ongoing investigation and has "promptly informed the limited number of customers" believed to have been impacted by hackers.
As the BBC reports, the scale of this hack is one of the biggest in history, if the numbers reported by ShinyHunters are in fact accurate.
ShinyHunters, the group claiming responsibility, has undertaken several high-profile, big-scale hacks, including a recent breach of Spanish bank Santander, affecting 30 million customers and employees. The group has said it attempted to contact Ticketmaster about the breach but did not receive a response.
Ticketmaster is currently fighting an antitrust lawsuit brought forth by the U.S. Justice Department, which claims that its parent company Live Nation is relying on "unlawful, anticompetitive conduct to exercise its monopolistic control over the live events industry in the United States."
Topics Cybersecurity