Hackers claim Ticketmaster in attempt to boost revived forum’s popularity

ShinyHunters cybercrime ring, which is rebooting the infamous illicit marketplace BreachForums after its seizure by the FBI, has posted claims about a very large breach affecting Ticketmaster. However, some analysts speculate that the alleged sale of 560 million customers' data may be a PR stunt.

Ticketmaster is a ticket sales and distribution company that merged with Live Nation, forming the world's largest live entertainment conglomerate. It handles live concerts and shows.

ShinyHunters’ post on the rebooted forum claims they have the full details of 560 million customers, including name, address, email, and phone number, combined with details from ticket sales, event information, and other sources. Credit card details supposedly include the last four digits of a card and an expiration date.

And there is “much more” in the data set, which hackers are selling for $500,000 and for one buyer only.

The provided screenshots indicate the data set of 15 folders is 1.3 Terabytes-large. Most of the folder names start with “sales_ord_deluxe_hdr.” Another screenshot is a sample of personal data.

Open-source intelligence researcher CyberKnow warns that this post may be a trick to boost attention to the illicit forum BreachForums reboot, as the leak contains “some questionable aspects.”

“Shinyhunters, who has claimed the sizable breach, has an interest in quickly rebuilding the userbase and reputation of BreachForums, which is where they have posted the claim. We have seen in the past that admins of forums will make big attention-grabbing claims to build up user bases quickly,” CyberKnow posted on X.

After reviewing the provided sample, the researcher concluded that there are 54 email addresses, and none of them are linked to current dates – they’re all from 2018 and older.

“The emails look like a mix of UK and US-linked email addresses. The new data from 2023/2024 looks like information related to ticket sales information and does not include any personal information,” CyberKnow shared. “While there is some new data in the shared evidence, there is also old customer information, making it possible this is a series of data jammed together.”

At this stage, analysts cannot confirm or deny the legitimacy of ShinyHunters’ claims. If true, it would be another blow to Live Nation-Ticketmaster, after the US Department of Justice announced last week that it's suing the entertainment behemoth over weaponizing and entranching its power at the expense of artists and music fans.

ShinyHunters also talked to journalists from Hackread.com and Databreaches.net, claiming they had attempted to contact Ticketmaster regarding the breach to no avail. The malicious actor didn’t answer questions about how Ticketmaster was allegedly compromised.

Cybernews has reached out to Ticketmaster for a comment and is awaiting their response.

ShinyHunters (also known as ShinyCorp) is an international cyber threat group that first emerged in 2020, according to SOCRadar. It’s believed to be responsible for a leaked AT&T database containing over 70 million customer records.

The FBI recently hit ShinyHunters, the alleged perpetrators of BreachForums. The site was taken down, and the administrator, Baphomet, was allegedly arrested. However, not long after, hackers reclaimed the site.

The FBI is investigating these criminal hacking forums. Victims or individuals who have information to assist in any of the investigations can provide information here.