Ticketmaster Confirms Hack of Global Database
Ticketmaster has admitted its database was hacked, potentially exposing the personal details of hundreds of millions of its customers.
Last week, ShinyHunters, a shady hacker group, claimed it was behind the data breach, during which it nabbed names, addresses, phone numbers and partial credit card details from Ticketmaster’s users worldwide.
According to various published reports, the hacking group is demanding a $500,000 ransom payment to prevent the data from being sold on.
Now, Ticketmaster’s parent Live Nation has confirmed the “unauthorised activity” did occur on its ticketing platform, which may have compromised the data of up to 560 million live entertainment fans.
In a filing to the US Securities and Exchange Commission, the ABC reports, Live Nation said that on May 27 “a criminal threat actor offered what it alleged to be Company user data for sale via the dark web”, and that it was probing.
The Australian government is reportedly working with Ticketmaster to address the issue, and the Department of Home Affairs confirmed with the ABC it was investigating a “cyber incident” involving the ticketing giant.
In an unusual one-two, Ticketmaster’s competitor Ticketek Australia confirmed on Friday that it too had been the subject of a data breach, involving the potential exposure of customer names, dates of birth, and email addresses.
“We would like to reassure you that Ticketek has secure encryption methods in place for all passwords and your Ticketek account has not been compromised,” reads a statement to customers, seen by The Music Network. “In addition, we utilise secure encryption methods to handle credit card information and transactions are processed via a separate payment system which has not been impacted. Ticketek does not hold identity documents for its customers.”
Ticketek, part of the TEG group, points out that it notified the Australian Cyber Security Centre (ACSC) and executives are liaising with the Office of the Australian Information Commissioner (OAIC) and the National Office of Cyber Security in relation to the incident.
In its filing to the SEC, Live Nation is said to be working to “mitigate risk” to its customers and that it was notifying customers of the situation.
“As of the date of this filing, the incident has not had, and we do not believe it is reasonably likely to have, a material impact on our overall business operations or on our financial condition or results of operations. We continue to evaluate the risks and our remediation efforts are ongoing”, it added.
The hack is another headache for Live Nation and Ticketmaster which, just last month, was targeted with an antitrust lawsuit, filed by the Department of Justice and 30 state attorneys and which accuses the live entertainment giant of achieving its dominant position in the world’s biggest market through abuses of market power and dubious exclusive ticketing contracts. Attorney General Merrick Garland has declared “it is time to break it up.”