The extortion campaign against Ticketmaster continues with the alleged leaking of print-at-home tickets for 150 upcoming events. These tickets were leaked by an individual under the pseudonym of Sp1d3rHunters, who is selling data stolen in the recent thefts against Snowflake accounts. The concerts targeted in this leak include tickets for Pearl Jam, Tate McCrae, Phish and Foo Fighters. The malicious actors behind this demanded a ransom of $500,000 to prevent the leak or sale of tickets to other threat actors.
At the same time, Sp1d3rHunters leaked 166,000 Taylor Swift ticket barcodes and demanded a $2 million ransom. If the extortion demand is not met, Sp1d3rHunters threatens to leak mail and e-ticket barcodes for all events.
“The ongoing Ticketmaster extortion campaign, now claiming to leak over 30,000 print-at-home tickets, highlights a critical cybersecurity issue,” states Toby Lewis, Global Head of Threat Analysis at Darktrace. “Unlike typical data breaches, stolen ticket barcodes are immediately monetizable and could cause significant disruption at events if duplicates are used.”
Ticketmaster claims that the data leaked is useless, as barcodes are regularly refreshed to avoid fraud.
“This breach poses a unique challenge for Ticketmaster. While they claim they can easily revoke digital tickets without most users noticing, the situation with printed barcodes is far more complex,” Lewis says. “If the attackers indeed have access to physical ticket data as claimed, any attempts to address this will be highly visible to end-users and potentially disruptive to events.”
Any individual who has purchased tickets via Ticketmaster is encouraged to be vigilant with their security and personal data.
Lewis advises, “Customers should follow Ticketmaster’s official instructions, change passwords and stay alert for any communications about ticket validity. Ticket holders may face additional verification measures at events.
“This incident underscores the need for robust cybersecurity strategies, especially for businesses handling instantly valuable data. It demonstrates how cyber attacks can have immediate, real-world consequences beyond data privacy concerns.”