Data allegedly stolen in Ticketmaster hack
A group of hackers said they stole the personal information of 560 million Ticketmaster customers.
ShinyHunters, the group claiming responsibility, said the stolen data included names, addresses, phone numbers and partial credit card information of Ticketmaster users around the world.
The hacking group is said to be demanding a ransom of $500,000 (£400,000) to prevent the data being sold to other parties.
The Australian government said it was working with Ticketmaster to resolve the issue. The FBI has also offered assistance, a spokesperson for the US Embassy in Canberra told Agence France-Presse.
“The Australian Government is aware of a cyber incident affecting Ticketmaster,” a spokesperson for the Australian Department of Home Affairs said in a statement to BBC media partner CBS News.
“The National Cyber Security Office is working with Ticketmaster to understand the incident.”
US website Ticketmaster, one of the world’s largest online ticketing platforms, has not yet confirmed whether it suffered a security breach.
Cyber security experts are warning that these claims may be false but authorities in Australia, where the incident was first reported, have confirmed that they are investigating.
An advertisement with some samples of data allegedly obtained from the breach was posted on the website BreachForums – a newly relaunched hacking forum.
ShinyHunters was involved in a series of high-profile data breaches, resulting in millions of dollars in losses for the companies involved.
In 2021, the group sold a genuine database of information stolen from 70 million customers of US telecommunications company AT&T.
In September last year, nearly 200,000 Pizza Hut customers in Australia suffered a data breach.
This latest alleged hack coincides with the relaunch of BreachForums, a site on the dark web where other hackers buy and sell stolen documents and information that facilitates hacks. .
According to tech media, the FBI busted the domain in March 2023, arresting its administrator Conor Brian Fitzpatrick, but it has since reappeared.
Forum users often exaggerate the scale of their hacks to attract attention from other hackers.
They are often where major stolen databases first appear but false accusations and claims can also be made.
“If Ticketmaster has had a breach of this scale then it is important that they notify customers but it is also important to note that sometimes criminal hackers make false or exaggerated claims about data breaches – So people should not be too worried until the breach is confirmed.” said security researcher Kevin Beaumont.
Individuals declared large amounts of data that had previously been proven to be copies of previous hacks rather than newly stolen information.
But if verified, the hack could be the most serious breach ever in terms of the amount and extent of data stolen.
This is not the first time Ticketmaster has had security problems.
In 2020, they admitted to hacking into one of their competitors and agreed to pay a $10 million fine.
In November, it was said to have suffered a cyber attack which led to ticket sales problems for Taylor Swift’s Era tour.
Earlier this month, US regulators sued Live Nation, Ticketmaster’s parent company, accusing the entertainment giant of using illegal tactics to maintain a monopoly in the live music industry.
The lawsuit from the Justice Department said the company’s practices drove out competitors and led to higher ticket prices and poorer service for customers.
The BBC has contacted Live Nation for comment.