Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Breaches

Hackers Boast Ticketmaster Breach on Relaunched BreachForums

The ShinyHunters hacking group has claimed the theft of 560 million Ticketmaster users’ data on a fresh BreachForums portal.

A notorious hacking group has claimed the theft of data belonging to 560 million Ticketmaster users on a newly created version of the BreachForums cybercrime marketplace.

The new site emerged roughly two weeks after BreachForums was seized by law enforcement agencies in the US, Australia, Iceland, New Zealand, UK, and Ukraine. 

This would be the third BreachForums iteration, after the initial version was shut down following the unmasking and charging of its administrator, and the second BreachForums was disrupted in mid-May 2024.

The first BreachForums was active between March 2022 and March 2023. Its administrator, Conor Brian Fitzpatrick, of New York, was sentenced earlier this year.

The second version was launched and operated by an individual known online as Baphomet, who was allegedly arrested during the mid-May takedown, and the notorious hacking group ShinyHunters.

Earlier this week, ShinyHunters announced the relaunch of the cybercrime forum with a high-profile breach: 560 million Ticketmaster users’ information. The hackers also claimed that law enforcement made a fatal error in their takedown attempt, and caused damage to a different business.

The ShinyHunters group claims to be in the possession of 1.3 terabytes of data stolen from Ticketmaster and is asking $500,000 for the data, which allegedly includes names, addresses, email addresses, phone numbers, partial credit card information, and financial transactions information.

According to threat intelligence and research group Vx-Underground, which analyzed a sample of the allegedly stolen data, the information appears to be authentic, containing entries dating back to 2011, with the most recent ones being dated March 2024. Some entries from the mid-2000s were found as well.

Advertisement. Scroll to continue reading.

Vx-Underground, however, explains that ShinyHunters is not responsible for the Ticketmaster data breach, but acts as a proxy for the actual hackers.

The threat intelligence group has learned that the data was likely stolen from Ticketmaster AWS instances after hackers compromised a managed services provider.

California-based Ticketmaster, which is owned by Live Nation Entertainment, has not confirmed the data breach but is already facing a class action lawsuit over the incident, and the Australian government is probing the hackers’ claims.

The alleged size of the Ticketmaster data breach could have dire consequences for both the company and its users. Some, however, suggest that the newly launched BreachForums domain could be only a honeypot site set up by law enforcement.

Related: 2.8 Million Impacted by Data Breach at Prescription Services Firm Sav-Rx

Related: Verizon Says Data Breach Impacted 63,000 Employees

Related: Dollar Tree Impacted by ZeroedIn Data Breach Affecting 2 Million Individuals

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders.

Register

People on the Move

Satellite cybersecurity company SpiderOak has named Kip Gering as its new Chief Revenue Officer.

Merlin Ventures has appointed cybersecurity executive Andrew Smeaton as the firm’s CISO-in-Residence.

Retired U.S. Army General and former NSA Director Paul M. Nakasone has joined the Board of Directors at OpenAI.

More People On The Move

Expert Insights