A hacking group known as ShinyHunters – thought to be responsible for a recent Ticketmaster data breach impacting half a billion people – is now claiming to have unlawfully obtained 440,000 tickets to Taylor Swift’s Eras Tour.
According to a post on BreachForums, the group has also upped its initial ransom demand from around $1 million to $8 million after reassessing the damage leaking such data could do to Ticketmaster.
Along with Taylor Swift Eras Tour tickets, the group reportedly possesses around 30 million additional tickets for more than 65,000 events, plus a slew of sensitive customer information including emails.
The Eras Tour Ticket Leak
In May 2024, a hacking group known as ShinyHunters initially demanded a $500,000 ransom from LiveNation, the company that owns Ticketmaster, after it claimed to have access to the records of 560 million users.
Then, in June, the company sent out a data breach notification to the Office of the District Attorney of Maine, confirming that the hack was real.
🔎 Want to browse the web privately? 🌎 Or appear as if you're in another country?
Get a huge 86% off Surfshark with this special tech.co offer.
However, it now appears that the breach is wider-reaching – and significantly more serious – than first thought.
“To celebrate the fourth of July, we present to you 440K Taylor Swift Eras game tickets” the group said in a recent BreachForums post, ominously adding that the singer would be “going to congress” instead of performing due to their successful attack.
According to Hackread, the total value of the tickets stolen is an eye-watering $22 billion – which has led ShinyHunters to up its ransom demands to $8 million. The value of the additional 30 million tickets extracted from Ticketmaster systems, on the other hand, is thought to be around $4.6 billion.
What Data Do The Hackers Have?
Sometimes, with a hack of this size, the data actually exfiltrated from the company in question’s system is only semi-sensitive, or only useful when paired with other data.
However, there seems to be an enormous range of data taken from Ticketmaster’s systems, if the hackers are indeed in possession of everything they claim to have.
According to the post, ShinyHunters has obtained 980 million sales orders, order details relating to 680 million individual orders, 1.2 billion party lookup records, over 400 million email addresses, and millions of records from address verification systems.
The group also says partial details relating to 400 million encrypted credit cards have also been exfiltrated from Ticketmaster’s system.
ShinyHunters say that their theft amounts to “the largest publicly disclosed non-scrape breach of customer PII (personally identifiable information) of all time”.
What Should You Do if You’ve Been Impacted
As described in the breach notification letter referenced earlier on in this article, Ticketmaster recommends customers “remain vigilant and take steps to protect against identity theft and fraud, including monitoring your accounts, account statements, and free credit reports for signs of suspicious activity.”
The company has also revealed that it is offering a year’s worth of identity monitoring services via Transunion, at no cost to the customer – although you have to enroll within 90 days of receiving the data breach notification.
We’d advise anyone who thinks they may have been impacted by this breach to take advantage of this offer and take even more precautions than usual when it comes to assessing the legitimacy of email correspondence.
