In a significant cyber security incident, the ShinyHunters hacker group claims to have breached Ticketmaster's systems, resulting in the theft of 193 million barcodes, including 440,000 tickets for Taylor Swift's Eras Tour. The group is now demanding $8 million from Live Nation, the parent company of Ticketmaster.
Details of the Breach
In May 2024, ShinyHunters infiltrated Ticketmaster’s systems. They later released extensive details about the breach on Breach Forums, highlighting the scale and impact of their actions. This information includes a staggering number of exfiltrated barcodes and associated ticket values, marking this as one of the largest publicly disclosed breaches of customer data.
Key points from the breach include:
• Total Exfiltrated Barcodes: 193 million
• Value of Stolen Tickets: $22.7 billion USD
Ransom Negotiations and Data Breakdown
Initially, ShinyHunters reportedly accepted a $1 million offer from Live Nation to keep the breach confidential. However, realising the data's true value, they have increased their demand to $8 million, citing the breach's complexity and potential cost to the company.
In addition to the Taylor Swift tickets, the hackers claim to have stolen:
• 30 million tickets for 65,000 events: Valued at $4.7 billion USD
• 980 million sales orders
• 680 million order details
• 1.2 billion party lookup records
• 440 million unique email addresses
• 4 million uncased and deduped records
• 560 million Address Verification System (AVS) detail records
• 400 million encrypted credit card details with partial information
Taylor Swift Tickets Leaked
Recently, another threat actor known as Sp1d3rHunters leaked what they claim to be the barcode data for 166,000 Taylor Swift Eras Tour tickets. Sp1d3rHunters, previously known as Sp1d3r, is notorious for selling data stolen from Snowflake accounts and publicly extorting companies.
In their extortion demand, the hackers warn, "Pay us $2 million USD or we leak all 680M of your users' information and 30 million more event barcodes including: more Taylor Swift events, P!nk, Sting, Sporting events F1 Formula Racing, MLB, NFL, and thousands more events." This message was first shared by the threat intelligence service HackManac.
The leaked data allegedly includes ticket barcodes for upcoming Taylor Swift concerts in Miami, New Orleans, and Indianapolis. The post provides a small sample of the barcode data, containing information such as the scannable barcode value, seat information, face value of the tickets, and other relevant details. Instructions on how to turn this data into a scannable barcode were also shared by the hackers.
Historical Context and Group Activities
ShinyHunters have a notorious history of data breaches. Their previous exploits include leaking 386 million user records from 18 companies in 2020, an AT&T breach affecting 70 million customers, and, most recently, the exposure of 33 million phone numbers associated with the Authy multi-factor authentication app.
Potential Multiple Attacks
Interestingly, another hacker using the alias “Sp1d3rHunters” has also claimed responsibility for leaking Taylor Swift Eras Tour event barcodes, demanding a separate $2 million ransom. This raises the possibility that Ticketmaster may have been breached by multiple groups, or it could be a case of internal competition among hackers to maximise profits from a single breach.
Ticketmaster's Response
Ticketmaster has stated that its SafeTix technology, which refreshes barcodes every few seconds, renders the stolen tickets unusable. "Ticketmaster's SafeTix technology protects tickets by automatically refreshing a new and unique barcode every few seconds so it cannot be stolen or copied," Ticketmaster told BleepingComputer. Additionally, Ticketmaster confirmed that it did not engage in any ransom negotiations with the threat actors, disputing ShinyHunters' claims of a $1 million offer to delete the data.
To Sum Up
This incident highlights the escalating threats posed by sophisticated cybercriminal groups like ShinyHunters. As the situation evolves, it underscores the importance of robust cyber security measures and the need for continuous vigilance. Organisations must enhance their security protocols, educate their employees, and ensure transparent communication to mitigate the risks associated with such breaches.