Replace: Ticketmaster assertion added under.
Hackers have leaked what they declare is Ticketmaster barcode knowledge for 166,000 Taylor Swift Eras Tour tickets, warning that extra occasions can be leaked if a $2 million extortion demand will not be paid.
In Could, a widely known risk actor named ShinyHunters started promoting knowledge on 560 million Ticketmaster prospects for $500,000.
Ticketmaster later confirmed the information breach, which they in the end acknowledged was from their account on Snowflake, a cloud-based knowledge warehousing firm utilized by the enterprise to retailer databases, course of knowledge, and carry out analytics.
In April, risk actors started downloading Snowflake databases of no less than 165 organizations utilizing credentials stolen by information-stealing malware.
The risk actors then blackmailed the businesses, demanding cost to forestall the information from being leaked or offered to different risk actors. Firms confirmed to have had knowledge stolen from their Snowflake accounts embrace Neiman Marcus, Los Angeles Unified Faculty District, Advance Auto Elements, Pure Storage, and Satander.
Taylor Swift tickets leaked
Immediately, a risk actor often called Sp1d3rHunters has leaked what they declare is the ticket knowledge for 166,000 Taylor Swift Eras Tour barcodes used to achieve entry on varied live performance dates.
Sp1d3rHunters, beforehand named Sp1d3r, is the risk actor behind the sale of knowledge stolen from Snowflake accounts, publicly extorting the assorted corporations for funds.
“Pay us $2million USD or we leak all 680M of your customers info and 30million extra occasion barcodes together with: extra Taylor Swift occasions, P!nk, Sting, Sporting occasions F1 System Racing, MLB, NFL and hundreds extra occasions,” reads the extortion demand first shared by risk intel service HackManac.
Taylor Swift ticket knowledge leaked on a hacking forumSource: BleepingComputer
The put up claims the barcode knowledge is for upcoming Taylor Swift live shows in Miami, New Orleans, and Indianapolis.
The put up features a small pattern of the alleged barcode knowledge, which incorporates the worth used to create a scannable barcode, seat info, the face worth of tickets, and different info. The risk actor additional shared particulars on how you can flip this knowledge right into a scannable barcode.
Whereas the barcode knowledge was not a part of the preliminary leak of stolen Ticketmaster knowledge samples launched by the risk actors in Could, among the newly leaked knowledge might be discovered within the older leaks, together with the hashed bank card and gross sales order info for the tickets.
The group behind these assaults is ShinyHunters, which has been chargeable for many knowledge breaches over time. These embrace leaking the information for 386 million person data from 18 corporations in 2020, an AT&T breach impacting 70 million prospects, and, most not too long ago, the leaking of 33 million telephone numbers used with the Authy multi-factor authentication app.
Replace 7/5/24 3:44 PM ET: Ticketmaster informed BleepingComputer that distinctive barcodes are up to date each few seconds, so the stolen tickets can’t be used.
“Ticketmaster’s SafeTix expertise protects tickets by mechanically refreshing a brand new and distinctive barcode each few seconds so it can’t be stolen or copied,” Ticketmaster informed BleepingComputer.
“This is only one of many fraud protections we implement to maintain tickets secure and safe.”
Ticketmaster additionally confirmed that they didn’t interact in any ransom negotiations with the risk actors, disputing ShinyHunter’s claims that they had been provided $1 million to delete the information.