In an ongoing extortion marketing campaign towards Ticketmaster, menace actors have leaked nearly 39,000 print-at-home tickets for 150 upcoming live shows and occasions, together with Pearl Jam, Phish, Tate McCrae, and Foo Fighters.
The tickets had been leaked by a menace actor often known as ‘Sp1derHunters,’ who’s promoting knowledge stolen in latest knowledge theft assaults from Snowflake accounts.
In April, menace actors started downloading Snowflake databases of at the least 165 organizations utilizing credentials stolen by information-stealing malware.
In Might, a widely known menace actor named ShinyHunters started promoting the alleged knowledge of 560 million Ticketmaster prospects, claiming it was stolen from Snowflake. Ticketmaster later confirmed that its knowledge was stolen from their Snowflake account.
On the time, the menace actors demanded that Ticketmaster pay them $500,000 in order that the info wouldn’t be leaked or bought to different menace actors.
Nevertheless, per week in the past, the identical menace actors leaked 166,000 Taylor Swift ticket barcodes, demanding the next $2 million extortion demand.
Ticketmaster responded by saying that the info is ineffective as their anti-fraud measures continuously rotate to distinctive cellular barcodes.
“Ticketmaster’s SafeTix expertise protects tickets by routinely refreshing a brand new and distinctive barcode each few seconds so it can’t be stolen or copied,” Ticketmaster instructed BleepingComputer.
Hackers reply
Right this moment, Sp1d3rHunters responded to Ticketmaster’s assertion, saying that quite a few print-at-home tickets had been stolen whose barcodes can’t be rotated.
“Ticketmaster lies to the general public and says barcodes can’t be used. Tickets database contains each on-line and bodily ticket sorts,” the menace actor posted to a hacking discussion board.
“Bodily ticket sorts are Ticketfast, e-ticket, and mail. These are printed and can’t be routinely refreshed.”
The put up features a hyperlink to a CSV file containing the barcode knowledge for 38,745 TicketFast tickets, Ticketmaster’s print-at-home ticketing resolution.
A overview of the info by BleepingComputer exhibits ticket knowledge for 154 occasions and live shows, together with these for Aerosmith, Alanis Morissette, Billy Joel & Sting, Bruce Springsteen, Carrie Underwood, Cirque du Soleil, Dave Matthews Band, Foo Fighters, Metallica, Pearl Jam, Phish, P!NK, Crimson Scorching Chili Peppers, Stevie Nicks, STING, Tate McRae, and $uicideboy$.
Publish leaking Ticketmaster ticket knowledge on hacking forumSource: BleepingComputer
When buying tickets via Ticketmaster, you’ll be able to settle for supply via TicketFast at some venues and occasions. Utilizing this supply methodology, your tickets might be despatched as a PDF by way of e mail, which you’ll then print out and convey with you to the occasion.
As these are usually not cellular tickets, the menace actors declare that Ticketmaster can’t rotate the barcodes utilizing its disclosed anti-fraud mechanism. As an alternative, they need to void and reissue the tickets to those that used the service.
The menace actors additionally included a information on changing the leaked ticket knowledge right into a scannable barcode that can be utilized to create tickets utilizing TicketFast print-at-home templates that company prospects use.
BleepingComputer contacted Ticketmaster to substantiate how they’d deal with these tickets however has not acquired a response but.
The menace actors have beforehand tried to extort quite a few different corporations whose Snowflake knowledge was stolen, together with Neiman Marcus, Los Angeles Unified Faculty District, Advance Auto Components, Pure Storage, and Satander.