NetworkTigers reports on the ShinyHunters hack of LiveNation Ticketmaster.
How did a group named after a Pokémon trend take down the self-described “largest entertainment company in the world”? Concertgoers all over the world want the answer. Many are concerned that their personal and financial information is at risk as part of the 560 million customer files now available for sale on the dark web. Some have even joined a class action lawsuit claiming that Ticketmaster has breached their duty to customers by failing to take adequate cybersecurity protocols. The hack has global consequences and may add fuel to the fire for the US Congressional hearings about breaking up the ticketing monopoly. So how did it all happen? NetworkTigers answers burning questions about the Ticketmaster ShinyHunters hack.
What are LiveNation and Ticketmaster?
LiveNation is the parent entertainment company for Ticketmaster, which is also the ticket sales platform. Both LiveNation and Ticketmaster came under recent scrutiny by Congress after high fees and reduced competition came to light during the Taylor Swift Eras Tour ticket release.
LiveNation describes itself as the “largest producer of live music concerts in the world.” It owns or controls over 265 concert venues, arenas, and theaters across North America. It also owns over 60 of the top 100 amphitheaters in the US, and the company generates over $22 billion globally from ticket sales, events, and licensing.
What happened in the Ticketmaster hack?
Enter ShinyHunters, a hacking group named after the videogame trend of collecting shiny Pokémon characters. ShinyHunters targeted LiveNation’s ticketing arm to capture data connected to approximately 560 million customers. The amount of data stolen or captured comes to a staggering 1.3 terabytes. On May 28, 2024, the group posted that the information was for sale online for $500,000.
What information is exposed in the leak?
Sensitive financial and personal information, ticket sales data, event information, and order details have been taken. ShinyHunters is offering for sale:
- Customer names
- Billing addresses
- Email addresses
- Phone numbers
- Credit card numbers, including the last four digits
- Credit card expiration dates
All of the information is linked to prior ticket purchases through LiveNation.
Is the Ticketmaster hack confirmed?
It is still unclear exactly how the data breach occurred, but on Saturday, June 1, 2024, Ticketmaster confirmed that unauthorized activity had occurred within their system and that customer data was, in fact, for sale.
According to ongoing research from cybersecurity analysts, the hack may be part of a larger cloud service attack that Ticketmaster and other companies use to store customer data. BBC has reported that the cloud data storage service Snowflake is notifying firms impacted by a large-scale hack on their system. One of them is banking giant Santander, which reported recently that 30 million customers had their data stolen by ShinyHunters via a Snowflake data storage breach. Further information as to how and if the two breaches are linked is still coming to light.
What do we know about ShinyHunters?
ShinyHunters has made the news several times since their first emergence in 2020. According to the US Department of Justice, they are an international hacking group that seems to be motivated by “pure greed.” One member of the gang, 22-year-old French citizen Sebastien Raoult, was caught in Morocco and sentenced earlier this year to three years in prison and a $5 million fine. Raoult’s methods involved building convincing fake login landing pages for businesses and sending them out via phishing emails. When people enter their login credentials, the poisoned page captures the information. Hackers can then use these credentials to access the account and scan cloud data services for additional entry points using the same credentials.
ShinyHunters has taken responsibility for several high-profile attacks prior to the Ticketmaster hack and the Santander breach. They have also leaked information belonging to 70 million AT&T users and hacked into Microsoft, Wishbone, Tokopedia, and more.
What are the consequences of the Ticketmaster hack?
A $5 billion class action lawsuit has been filed in California, alleging that the entertainment company acted negligently by failing to take even basic cybersecurity protocols to protect consumer data. The suit proposes a US-wide class of plaintiffs have been harmed and a subclass of California plaintiffs under the California Consumer Privacy Act.
Ticketmaster’s owner, LiveNation, is already facing scrutiny from the Department of Justice, which is examining the company as a possible monopoly subject to regulation. Consumers whose data has been stolen may argue that they do not have a way to hold the company accountable for their poor data protection practices due to a lack of competition in the field. This hack may add considerable weight to the claim that Ticketmaster has monopoly power, which could lead to its breakup.
If you are concerned that you are one of the 650 million users whose information may now be for sale, cybersecurity experts recommend you change your passwords on Ticketmaster and any other websites that might reuse those credentials. Be wary of receiving phishing emails, especially those that might ask you to take steps to secure your accounts from further hacks. Monitor your accounts for suspicious activity, and report your concerns immediately.
About NetworkTigers
NetworkTigers is the leader in the secondary market for Grade A, seller-refurbished networking equipment. Founded in January 1996 as Andover Consulting Group, which built and re-architected data centers for Fortune 500 firms, NetworkTigers provides consulting and network equipment to global governmental agencies, Fortune 2000, and healthcare companies. www.networktigers.com.
