Another blockbuster data breach as Ticketmaster the latest victim

May 31, 2024
Another hacking group has claimed a giant victory as news got out this week that ShinyHunters claimed to have bypassed Ticketmaster’s security measures to steal the personal data of 560 million users.

Ticketmaster has yet to publicly confirm the incident and did not immediately respond to a request for comment from SecurityInfoWatch Friday.

But Fast Company Magazine and numerous other media sources say the hackers are reportedly trying to sell the data for $500 million. Cybersecurity news service HackRead reports the group claims to have gained access to full names, addresses, email addresses, phone numbers, partial payment card data and the ordering history of Ticketmaster users (among other data points).

So far, at least one country has spoken out about the alleged Ticketmaster hack. A statement by Australia’s Department of Home Affairs confirmed the legitimacy of the report, and officials say they’re “working with Ticketmaster to understand the incident,” Fast Company reported.

Officials in Australia say the data stolen could put consumers at risk of identity fraud and phishing at the very least.

ShinyHunters is a black-hat group that’s well known in the cybersecurity world with a long history of attacks. In the past, it has offered information from companies including AT&T (with information on 70 million wireless customers, including social security numbers), Microsoft (where it stole source code from a private GitHub account) and Bonobos (where it gained access to personal data for 7 million customers).

The Federal Bureau of Investigation has an ongoing investigation into the group, which earlier this year resulted in the sentencing of one member, who now faces three years in prison and was ordered to return $5 million.

The reported Ticketmaster hack comes just days after the U.S. Department of Justice and a collection of states filed an antitrust suit against Ticketmaster parent company Live Nation, seeking to break up the company.

The company almost immediately replied, “Calling Ticketmaster a monopoly may be a PR win for the DOJ in the short term, but it will lose in court because it ignores the basic economics of live entertainment.”

Should the hackers sell the data and cause further inconveniences for consumers, it could dig an even deeper reputational hole for Ticketmaster, despite the fact that large-scale data theft occurs to a wide variety of businesses today.

UnitedHealth Group was attacked in February of this year, which resulted in some people being unable to fill prescriptions and the possible theft of personal data for a “substantial proportion” of Americans.

ShinyHunters 'Prolific' Crime Group

Several cybersecurity experts said this week that attacks of this nature are no surprise, especially given the suspected hacker.

“The breach of Ticketmaster shows us how large-scale these operations can be. Now that the data has been exfiltrated from Ticketmaster, the threat group can continuously target the individuals through social engineering and phishing attempts,” said Darren Williams, CEO and Founder of Black Fog.

“Large entities, especially those such as Ticketmaster, must invest in anti data exfiltration technology to ensure no data is leaving their system without proper authorization.”

Matt Hull, Global Head of Threat Intelligence at NCC Group, said ShinyHunters is an infamous entity active on several well-known dark markets, including Breach Forums, a prolific hacking crime forum. The group, which has been active since 2020, often initiates its campaigns by harvesting legitimate credentials from victims, Hull notes.

“This is done either through the use of phishing campaigns, through purchasing previously-leaked credentials on the dark web, or through getting lucky with previously-leaked credentials floating about on the open web – a reminder of the importance of regularly changing your passwords,” Hull noted.

The group has had multiple run-ins with law enforcement throughout its short history, Hull says. In 2023, a 21-year-old French national was extradited from Morocco to the U.S. for his role in the group’s criminal activities.

More recently, the group became embroiled in the FBI’s takedown of the criminal forum Breach Forums, of which ShinyHunters is an administrator, Hull says. Within a day of the initial takedown, the clearnet domain had been re-established, though the dark web domain could not be regained from the FBI and so a new one has been created.

“There is chatter that the ShinyHunters currently operating Breach Forums after its reestablishment may not be the same people as before the FBI’s initial seizure, but rather other group members co-opting established usernames,” Hull says. “It’s likely that law enforcement agencies are the only ones who truly know what the state of affairs is. The rest of us, security commentators and researchers, as well as other cybercriminals, can only wait and see how things develop.”

Hull notes that a post on a Russian cybercriminal forum was made more than a day before ShinyHunters’ post on Breach Forums concerning the sale of Ticketmaster/Live Nation data.

The notable difference between the two listings is that the post on the Russian forum requires a guarantor, whereas ShinyHunters’ post on BF does not. “It is possible that ShinyHunters are acting as a proxy/middleman for the sale of data for the original attackers. However, it is yet to be confirmed what the role of ShinyHunters is where Ticketmaster are concerned,” he says.

------------

Fast Company magazine contributed to this article via Tribune Content Agency, LLC.

About the Author

John Dobberstein | Managing Editor/SecurityInfoWatch.com

John Dobberstein is managing editor of SecurityInfoWatch.com and oversees all content creation for the website. Dobberstein continues a 34-year decorated journalism career that has included stops at a variety of newspapers and B2B magazines. He most recently served as senior editor for the Endeavor Business Media magazine Utility Products.