The ShinyHunters threat operation has taken responsibility for the hacking of Ticketmaster, claiming to have stolen the personal information of 560 million users. The breached information includes full names, emails, phone numbers, addresses, event information, ticket sale details and order details. The ShinyHunters group states that it is also in possession of credit card information, but only the last four digits and expiration dates. ShinyHunters is offering the database for sale at $500,000.
Security leaders weigh in
Toby Lewis, Global Head of Threat Analysis at Darktrace:
“This alleged attack on Ticketmaster is an unpleasant reminder that no organization is immune from cyber threats. However, it’s crucial to approach this incident with skepticism until more information is available, as the timing of the data being offered on the relaunched BreachForums site raises questions about its authenticity.
“If confirmed, Ticketmaster must be transparent about the accessed data. Customers can protect themselves by changing passwords and monitoring their accounts, although this may be fruitless if the attackers still have access or if there is no breach in the first place.
“It’s advisable to wait for confirmation and follow instructions from Ticketmaster’s incident response teams. While there’s no harm in proactively changing passwords (including on accounts with re-used passwords), customers should be prepared to do it again if necessary.
“Cybersecurity should be at the forefront of businesses’ technology strategy. AI tools can automate prevention and response protocols, enabling proactive defence. Until more details emerge, customers should remain vigilant but avoid jumping to conclusions about the scale or impact of this alleged breach.”
Narayana Pappu, CEO at Zendata:
“Potentially affected Ticketmaster customers should closely monitor their email for any new account creations and credit/debit cards for transactions. I also recommend that they create a pin with their cell phone providers to protect against SIM swaps.
“Ticketmaster has a significant market share of the ticket sale market, and incidents like this can have significant long-term impact. In the past, breaches have led to companies losing market share to key competitors. The Ashley Madison and Equifax breaches are a couple of examples.”
John Bambenek, President at Bambenek Consulting:
“The good news for Ticketmaster customers is that some of the more sensitive information hasn’t been stolen, including full card numbers, so likely this could be used for targeted phishing. This is why the price of the database is so small compared to the number of records. Consumers will see this months from now.
“Ticketmaster is a near-monopoly in its space. Since the risks customers will face will be in the future in the form of phishing, odds are the impact is minimal. Consumers have become numb to data breaches which leads to industry complacency.”
Debrup Ghosh, Sr. Staff Product Manager at Synopsys Software Integrity Group:
“Companies offering a digital marketplace need to place special emphasis on protecting key customer data, especially personally identifiable information (PII). In the age of digital transformation, data is a valuable currency — hence, companies need to continually protect not only company IP but also customer data that helps them study consumer preferences and build the product to better serve those consumer preferences. Overall, companies need to invest in both detection and prevention technologies that allow them to mitigate risk exposure from cyberattacks. Finally, such incidents impact consumer trust in the brand, and very often lead to both direct financial impact from lost revenue, and also punitive legal damages that impact the business.”
Roy Akerman, CEO & Co-Founder at Rezonate:
“We need to face the facts. User identities are the keys to the castle and should be protected as such. According to the 2024 Verizon Data Breach Report, 68% of breaches happen due to human error and one-third of breaches happen due to misconfigurations and other issues. In light of this, it’s crucial to allocate resources to security solutions that establish a baseline for user behavior within an organization's network. This approach allows security teams to swiftly detect and address anomalies and respond to potential threats before they escalate into full blown breaches. In today’s landscape, the question is not whether you’ll face a breach, but when. That’s why prioritizing investment in modern security solutions and fostering a security-conscious culture across your entire organization is paramount, rather than confining it solely to the security team.”
Jim Routh, Chief Trust Officer at Saviynt:
“Ticket brokers create massive sets of highly desirable transaction data and personal information that is easily monetized by cybercriminals (name, address, order information for high priced transactions) and as a result, require industry-leading and mature cybersecurity practices applied to third-party cloud providers. All enterprises have the opportunity today to mature identity management practices for third parties in addition to ticket brokers.”
Philip Odence, Synopsys Software Integrity Group:
“The recent data attacks on Ticketmaster, Snowflake and others are prime examples of how companies making headlines in the news might be more likely to attract the attention of bad actors. We’ve heard from our Black Duck Audit private equity clients that, consistently, after they announce an acquisition, attacks on the new portfolio company significantly increase. There’s no particular logic for it, but if your company is preparing for major news or events, it’s a good reminder to triple check that your cybersecurity practices are operating at more than 100%.”