Days after 440,000 tickets to the Taylor Swift Eras Tour were leaked, hackers have released nearly 40,000 more Ticketmaster tickets to 150+ global events.
The so-called Sp1derHunters threat actor has obtained access to printable tickets to acts including Pink, Neil Young, Alanis Morisette, Red Hot Chili Peppers, Bruce Springsteen and Cirque du Soleil.
The hacker has also demanded that the ticketing giant pays it $2 million to stop it leaking ticket barcodes to all of Ticketmaster’s events, which comes after a group called ShinyHunters ransomed the Taylor Swift tickets last week for $8 million.
Ticketmaster Woes Continue
The original breach of Ticketmaster’s systems took place in May, with over half a billion customers having their data compromised. Names, addresses, contact details, order history and partial payment data was all made available for sale by ShinyHunters.
The threat actor then confirmed last week that it had managed to obtain 440,000 tickets to Taylor Swift’s epic Eras Tour.
This just in! View
the top business tech deals for 2024 👨💻
Ticketmaster responded to that claim by saying that its ‘SafeTix’ technology “protects technology by automatically refreshing a new and unique barcode every few seconds so it cannot be stolen or copied”.
Sp1d3rHunters Strike
BleepingComputer has now reported, however, on a post from Sp1d3rHunters on a hacking forum, where it calls Ticketmaster’s comments “lies” as the ticket database it has accessed “includes both online and physical ticket types”.
Sp1d3rHunters followed the response with a link to a CSV file with the barcode data for over 38,000 tickets it is leaking, together with instructions for making PDF tickets from the obtained TicketFast ticket types – concluding with “Enjoy your free event!”
“Ticketmaster lies to the public and says barcodes can not be used. Tickets database includes both online and physical ticket types.” – Sp1d3rHunters
Ticketmaster Warns Customers About Data Breach
Canadian public broadcaster CBC has since reported that Ticketmaster has sent emails to customers in Canada to notify them of the data breach and warning them to be vigilant to protect themselves against identity theft and fraud.
Recipients have since taken to X to share screengrabs of email that details the “unauthorized activity” that occurred in April and May and the information that was involved.
It also confirms Ticketmaster’s next actions. The company says that has been “diligently investigating” the incident and cooperating with US federal law enforcement agencies. It also rather vaguely says that it has “taken a number of technical and administrative steps to further enhance the security of our systems and customer data”.
Anyone else get this email from @Ticketmaster just now? Legit? Talk to us #Ticketmaster pic.twitter.com/eCSEBI55gT
— Gee Dee (@nowheremanoman) July 8, 2024
What You Can Do About Ticketmaster Breach
The email also contains general advice for Ticketmaster customers who may have been affected by the hack. As well as the rather unhelpful advice to “remain vigilant”, it suggests that recipients of the email monitor their bank account and credit card statements for suspicious activity. It also recommends carrying out a free credit report for the same reason.
It goes on to offer to cover the costs of identity monitoring through credit reporting agency TransUnion.
Other ways to protect yourself from the result of data breaches include updating your online passwords to long, secure combinations, being alert to suspicious emails or telephone calls that may be phishing scams, and visiting the haveibeenpwned.com website to see if your details have been exposed.
