BlogNews29TH JUN 2024
AuthorSamir Yawar
3 min read
News

Ticketmaster notifies millions of customers of huge data breach

Twitter
Facebook
WhatsApp
Email
LinkedIn
Ticketmaster data breach feat image
BlogNews29TH JUN 2024
3 min read
News

Ticketmaster notifies millions of customers of huge data breach

AuthorSamir Yawar
Twitter
Facebook
WhatsApp
Email
LinkedIn
Ticketmaster data breach feat image

Ticketmaster has begun notifying customers of a significant data breach after hackers accessed the company's Snowflake database, compromising the personal information of millions of people.

According to a data breach notification shared with the Office of the Maine Attorney General, Ticketmaster discovered that "an unauthorized third party obtained information from a cloud database hosted by a third-party data services provider."

The breach, which occurred between April 2, 2024, and May 18, 2024, was identified on May 23, 2024. Since the investigation began, no further unauthorized activity has been detected.

Scope of the Ticketmaster Data Breach

Ticketmaster revealed that the breach exposed customers' names, basic contact information, and additional unspecified data varying by user. The company advises customers to remain vigilant against identity theft and fraud and has offered one year of free identity monitoring to track their credit history.

Despite initially stating that the breach affected ">1000" individuals, the actual number of impacted customers is in the millions, with much more sensitive information exposed.

data from Ticketmaster breach up for sale
A look at Ticketmaster data allegedly stolen | Source: ShinyHunters

Details of the Snowflake Data Theft

Last month, the threat actor known as ShinyHunters began selling the stolen data from Live Nation/Ticketmaster, claiming it included personal and credit card information of 560 million users. The hackers used compromised Ticketmaster credentials, which lacked multi-factor authentication, to steal data from the Snowflake account.

Snowflake, a cloud-based data warehousing service, is utilized by enterprises for storing databases, processing data, and performing analytics. ShinyHunters started selling the data on May 28 on a notorious hacking forum for $500,000. The dataset, purportedly 1.3TB in size, contained information for 560 million customers, including ticket sales, event details, customer fraud information, and partial credit card data.

Confirmation and Investigation of Ticketmaster Data Breach

Samples of the data seen included more than just basic contact information. Millions of customers have had the following data exposed:

  • Full names

  • Email addresses

  • Phone numbers

  • Addresses

  • Hashed credit card details

  • Payment amounts.

Ticketmaster remained silent for several days before confirming the breach in a Friday evening SEC filing on May 31, asserting that the incident would not materially impact the company.

Broader Implications of Snowflake Data Theft

This breach is among several recent data theft incidents linked to the Snowflake platform. A joint investigation by Snowflake, Mandiant, and CrowdStrike found that a threat actor, tracked as UNC5537, targeted at least 165 organizations that had not enabled multi-factor authentication on their accounts. The attackers used credentials stolen by information-stealing malware infections dating back to 2020 to breach Snowflake accounts.

Ticketmaster's breach underscores the critical need for robust security measures, including multi-factor authentication, to protect sensitive data in cloud environments.

Samir Yawar
Samir Yawar / Content Lead
Samir wants a world where people can instinctively whack online scams and feel accomplished without the need for psychic powers. As an ISC2 member, he is doing his bit to turn cybersecurity awareness training into a fun concept with simple, approachable and accessible content. Reach out to him at X @yawarsamir
FAQsFrequently Asked Questions
Two-factor authentication is a security process that requires users to provide additional proof of their identity beyond their password to gain access to a system or application. This can include providing a fingerprint or using a security token, such as a USB key or a smartphone app. Two-factor authentication adds an extra layer of security to password protection and helps to reduce the risk of security breaches.
Phishing is a type of social engineering attack in which cybercriminals attempt to trick individuals into revealing sensitive information, such as login credentials, financial data, or personal information, by masquerading as a trustworthy entity. Phishing is a significant cybersecurity threat because it targets the human element, which is often the weakest link in an organization's security posture, and can lead to unauthorized access, data breaches, and financial loss.