Ticketmaster confirmed in a federal filing on Friday that it was investigating a data breach after a hacking group known as ShinyHunters claimed responsibility for stealing the information of more than 500 million Ticketmaster customers.
In the filing, with the U.S. Securities and Exchange Commission, Ticketmaster’s parent company, Live Nation Entertainment, said it had “identified unauthorized activity within a third-party cloud database environment.”
Who is behind the breach?
ShinyHunters, a hacker group believed to have been formed around 2020, is believed to have been behind the breach.
Brett Callow, a threat analyst with the cybersecurity company Emsisoft, said it was a “credible threat actor,” though not much more was known about the group.
Its chief aim appears to be to obtain personal records and sell them.
Its past victims have included Microsoft and AT&T, among dozens of other companies in the United States and elsewhere, according to federal prosecutors.
In March, AT&T confirmed a breach in a news release and said it had affected roughly 70 million past or present customers.
In January, the U.S. Department of Justice announced that a 22-year-old member of ShinyHunters — a French citizen named Sebastien Raoult — had been sentenced to three years in prison and ordered to pay more than $5 million in restitution for conspiracy to commit wire fraud and aggravated identity theft.
Who was affected in the Ticketmaster breach?
The hack was first revealed on a May 28 post on a forum called BreachForums.
According to a screenshot of the post shared by Mr. Callow, the group posted that it had the identifying information of 560 million Ticketmaster customers, including credit card numbers and ticket sales.
The group listed its asking price for the data — said to be 1.3 terabytes in size — to be $500,000.
It was not immediately clear when the breach had occurred.
According to Ticketmaster’s public filing, the company first identified “unauthorized activity” on May 20.
“We are working to mitigate risk to our users and the company, and have notified and are cooperating with law enforcement,” the filing said. “As appropriate, we are also notifying regulatory authorities and users with respect to unauthorized access to personal information.”
The F.B.I. did not respond to a request for comment on Friday. Representatives for Ticketmaster did not respond to a request for additional comment.
In its filing, Live Nation said it did not believe the breach would have “a material impact on our overall business operations or on our financial condition or results of operations.”
I’m a Ticketmaster customer. What should I do to protect myself?
For now, Mr. Callow said, it doesn’t appear that customer passwords have been compromised.
But if you do have a Ticketmaster account, you should nonetheless change your password as a precaution, he said.
This is the latest episode to place Ticketmaster under scrutiny.
The Justice Department filed a lawsuit against Live Nation on May 23, calling on a federal court to disband the company over what the government said was the maintenance of an illegally maintained monopoly over the live entertainment industry.
The company has called the government’s accusations “baseless allegations.”
