A hacking group claims to have leaked over 38,000 print-at-home tickets from Ticketmaster for 154 upcoming concerts, including Taylor Swift’s “Eras Tour,” Pearl Jam, Phish, and Foo Fighters, as reported by multiple industry publications.
This is part of an ongoing alleged extortion scheme against Ticketmaster, which began in May when the hacker group ShinyHunters stole personal data from over 500 million Ticketmaster customers and sold it on the dark web.
The cyberattack was confirmed by Ticketmaster’s parent company, Live Nation, in a federal filing with the U.S. Securities and Exchange Commission, which stated it identified “unauthorized activity within a third-party cloud database environment containing company data.” The third-party database was identified as Snowflake, a cloud storage firm used by several high-profile companies that were involved in other data breaches.
It’s unclear if Ticketmaster or Live Nation ever notified the customers affected by the data breach, which is typically required by law in most states.
RELATED STORY | Live Nation confirms Ticketmaster hack that may affect millions of users
Another hacker group named Sp1d3rHunters, associated with ShinyHunters, claimed in an online forum to have barcode data for thousands of printable tickets that they will leak if ransom demands are not met.
Industry outlets like Infosecurity Magazine and BleepingComputer reported the group initially had barcode data for 170,000 tickets to Taylor Swift’s “Eras Tour” that would be leaked if demands were not satisfied.
While Ticketmaster claimed its SafeTix technology automatically refreshes barcodes, rendering cloning and selling them useless, the validity of this response has not been independently confirmed by Scripps News.
Sp1d3rHunters countered, stating that the ticket information they allegedly stole was for physical ticket types that cannot be refreshed. This would potentially require Ticketmaster to void and reissue all stolen tickets.
RELATED STORY | Google’s dark web monitoring service will soon be free for all users
BleepingComputer mentioned that the hacking group’s latest post includes a link to a CSV file containing barcode data for 38,745 TicketFast tickets, used by Ticketmaster for print-at-home event passes. The post also provides a guide for converting the leaked ticket data into scannable barcodes to create tickets.
The group claims the data can be used for tickets to events like Cirque du Soleil and concerts by artists such as Billy Joel, Carrie Underwood, Dave Matthews Band, P!NK, and others.
Ticketmaster and Live Nation have not responded to multiple requests for comment from Scripps News.
RELATED STORY | DOJ files sweeping antitrust lawsuit against Ticketmaster and parent company Live Nation
