TicketMaster Data Breach: Data of 560 Million Users for Sale

ShinyHunters, a notorious hacking group, is selling 1.3TB of data it claims to have been stolen from Ticketmaster. The dump contains the personal information and payment data of 560 million users and is up for sale on BreachForums for $500,000.

In a post on X, vx-underground, an educational website covering malware and cybersecurity, claims to have spoken to some of the threat actors involved in the breach. These talks allegedly revealed that an unidentified hacking group managed to access TicketMaster’s AWS instance by pivoting from a Managed Service Provider sometime in April. It was also uncovered that ShinyHunters is only acting as a proxy for this threat group to auction the data but was not involved in the compromise themselves.

vx-underground also stated that they believe “with a high degree of confidence the data is legitimate,” based on information provided by the threat group. However, they admit that the data is “absurdly large,” making it difficult to verify with absolute certainty. vx-underground is also unable to verify financial information, although the stolen PII looks authentic.

The majority of information appears to span transactions from 2012 to 2024, although some dates appear from the mid-2000’s. According to vx-underground, the compromised information includes:

• Full names
• Email addresses
• Physical addresses
• Telephone numbers
• Hashed credit card numbers
• Credit card information (type, authentication, etc.)
• All user financial transactions

BleepingComputer also spoke to ShinyHunters. According to them, the hacker group revealed that “there are interested buyers in the data” and that they believe Ticketmaster themselves might be willing to buy the data back.

Also, according to BleepingComputer, Ticketmaster are yet to reply to their request for a comment on the situation. In addition, the FBI declined to comment when BleepingComputer asked if they are working with Ticketmaster to investigate the incident.

BreachForums, where the data is being auctioned, is one of the most notorious extortion sites. The FBI shut it down twice, once in 2023 and again on 15 May 2024. However, ShinyHunters managed to get back control of the domain and relaunch the site, seemingly just in time to facilitate the auction of this massive data leak.

This is not the first time that Ticketmaster has been a victim of a data breach. In 2019, vpnMentor researchers found that data from Ticketmaster was found in a breach database containing 17 million records and 1.2TB of data.