What to know about the purported theft of Ticketmaster customer data

A cybercriminal group claims to have stolen personal data belonging to more than 500 million Ticketmaster customers. While the event ticketing service, owned by Live Nation Entertainment, has not confirmed the attack, security experts warn that it could put the platform’s users at risk of a series of scams.

The hackers, called ShinyHunters, said in an online forum that they have gained access to Ticketmaster customer information and plan to sell the data. But Jared M. Smith, an engineer at SecurityScorecard, a company that monitors computer network breaches on the Internet, warned that it is not yet known whether the theft is real.

“It hasn’t been verified yet. We don’t know if the hackers who posted it are making this up or not, it’s something we’re waiting on,” he said. “It could be part of a publicity stunt.”

Here’s what you should know about what kind of data may have been exposed and how to protect yourself.

What is ShinyHunters?

The hacking group emerged in 2020 and drew attention the following year when it exposed huge amounts of customer records from more than 60 companies.

According to the Department of Justice, ShinyHunters stored and sold stolen data on the “dark web,” including customer databases with personal and financial information. Group members also used social media to solicit potential buyers for the data, including sometimes notifying social media outlets about their exploits and posting images on a website that appeared to show stolen material. The targets included a range of companies and millions of consumers.

Sebastien Raoult, a French computer hacker and member of ShinyHunters, was sentenced in January to three years in prison and ordered to pay more than $5 million in restitution after pleading guilty to conspiracy to commit wire fraud and aggravated identity theft.

Prosecutors said the extensive hack caused millions of dollars in losses to the companies that were victims and “immeasurable additional losses” to hundreds of millions of people whose data was sold to other criminals.

How many people could have been affected?

ShinyHunters said it obtained personal data belonging to 560 million Ticketmaster customers. While this could rank as one of the biggest cyberjackings of all time, one expert said some of the information the group claims to have stolen was likely already publicly available.

“The reality is that there are a lot of records missing and that looks really bad. But from a practical standpoint, how many people have had information stolen that wasn’t already available? A lot of it is public records,” said cybersecurity expert Joseph. Steinberg told CBS MoneyWatch. “From the raw data itself, there is probably much less than it seems. Sometimes we are overwhelmed by the numbers, but what matters much more is the quality of the data and what it means.”

What type of information was allegedly exposed?

ShinyHunters said it obtained Ticketmaster customers’ names, addresses, phone numbers and partial credit card details, which Smith described as a “juicy” trove of data for bad actors.

“It’s a lot of information that you don’t often see together. A lot of times hackers just get usernames and passwords and sometimes payment information. But you don’t often see addresses and past purchases, and all of that together would form a whole perfect for a group to create sites that look like Ticketmaster sales partners to reach consumers they know have purchased event tickets before,” he told CBS MoneyWatch.

“This breach would target a very easy target audience to trick people into purchasing fake tickets,” Smith added.

What is Ticketmaster doing about the alleged attack?

Nothing yet. The company did not verify the alleged cyber attack. It did not immediately respond to a request for comment.

The Australian government said Thursday it is investigating the hacking group’s allegations. The FBI has offered assistance to Australian authorities, a spokesperson for the US Embassy in Canberra told Agence France-Presse.

“The Australian government is aware of a cyber incident that has affected Ticketmaster,” an Australian Department of Home Affairs spokesperson said in a statement to CBS News. “The National Cybersecurity Office is collaborating with Ticketmaster to understand the incident.” The department also asked people with “specific questions related to this incident” to contact Ticketmaster.

What should Ticketmaster users do now?

First, and crucially, consumers must accept that they are at risk of being hacked, Steinberg said, emphasizing the need for people to have the right mindset. For example, a consumer who believes they are being targeted by hackers will think twice before clicking on a link offering concert tickets for their favorite band from an unknown entity.

“You have to internalize the fact that you are a target. People who believe they are a target behave differently than people who don’t,” he said.

Regarding Ticketmaster, Smith urged consumers not to click on concert ticket sales links they don’t recognize and to call the service’s support line to verify any offers.

“Someone who doesn’t think they’re the target would say, ‘Wow, that’s great, not thinking they got the data from the Ticketmaster breach and projected it socially,” Steinberg said.

More generally, Steinberg recommended that people use two-factor authentication to protect their accounts.