Ticketmaster Data for 500M+ Customers Up for Sale Following Breach


June 3, 2024

World map

A threat group known as ShinyHunters apparently published a 1.3TB database of compromised Ticketmaster customer data on the relaunched BreachForums criminal forum and is asking for a $500,000 ransom.

“The database contained sensitive information on 560 million users, including payment data, but also containing people’s names, postal addresses, email addresses, phone numbers, ticket sales and event details, order information, and even partial payment card data, for sale. The partial payment card data includes cardholder names, the last four digits of the cards, expiration dates, and some customer fraud details,” TechRadar reports.

“The timing of the leak is quite curious, given the recent relaunch of BreachForums, one of the most popular underground hacking forums in the world, just weeks after it was seized by the FBI, and one of its key administrators, alias Baphomet, allegedly arrested. The other key administrator was none other than ShinyHunters, a hacking collective who bragged about being out of the FBI’s reach in this case.”

Takeaway: The breach at Ticketmaster highlights the importance of continually evolving our cybersecurity practices. This incident is a clear reminder that no organization is immune to sophisticated cyber threats.  

In today's digital landscape, cybercriminals are constantly developing new techniques to bypass security measures, making it imperative for organizations to adopt a proactive and comprehensive approach to cybersecurity including ransomware and data extortion.

We need to better protect our organizations and the sensitive data they handle. Collaboration within the industry is essential, as sharing threat intelligence can help us collectively anticipate and mitigate risks more effectively.  

It is critically important that organizations are aware of the TTPs that are being used by actors targeting their industries and are leveraging cutting-edge security solutions that address specific threats such as ransomware and data extortion.

Ultimately, the Ticketmaster breach should serve as a wake-up call for the entire industry to reinforce our defenses and remain ever-vigilant in the face of evolving cyber threats.  

It is only through continuous improvement and a commitment to robust cybersecurity practices that we can hope to stay one step ahead of those who seek to compromise our systems.

Halcyon.ai is the leading anti-ransomware company that closes endpoint protection gaps and defeats ransomware through built-in bypass and evasion protection, key material capture, automated decryption, and data exfiltration prevention – talk to a Halcyon expert today to find out more. Halcyon also publishes a quarterly RaaS and extortion group reference guide, Power Rankings: Ransomware Malicious Quartile.