Ticketmaster breach confirmed, third party blamed


Live Nation has confirmed that its subsidiary Ticketmaster suffered a data breach, as revealed by a regulatory filing with the US Securities and Exchange Commission (SEC). Researchers warn that this is part of a larger hack affecting cloud service provider Snowflake.

On May 20th, Live Nation “identified unauthorized activity within a third-party cloud database environment containing Company data (primarily from its Ticketmaster L.L.C. subsidiary),” the filing with the SEC reads.

The group subsequently launched an investigation with “industry-leading forensic investigators to understand what happened.”

Later, on May 27th, threat actor ShinyHunters posted the data of 560 million customers for sale on an illicit marketplace, asking for $500,000.

Live Nation is working with authorities to “mitigate risk,” but it does not expect losses from the incident.

“The incident has not had, and we do not believe it is reasonably likely to have, a material impact on our overall business operations or on our financial condition or results of operations. We continue to evaluate the risks and our remediation efforts are ongoing,” the company said to investors.

Ticketmaster, after merging with Live Nation, formed the world's largest live entertainment conglomerate, responsible for ticket sales and distribution, live concerts, and show handling. The US Department of Justice accuses the behemoth of running an “illegal monopoly,” weaponizing its power at the expense of artists and music fans.

It’s not yet clear how sensitive the data in the leak is. However, some researchers have already described it as “absolutely massive.” Researchers from vx-underground, working with samples, said the leak exposes personal information that includes full names, email addresses, physical addresses, telephone numbers, hashed credit card numbers, their types, authentication type, and “all user financial transactions.”

The leak coincided with another huge breach at Santander, where the same threat actor was involved. Researchers now warn that both are related and part of a larger hack allegedly involving cloud service provider Snowflake, which serves thousands of customers in the US, the BBC reported.

Snowflake distances itself from the Ticketmaster breach. Snowflake informed its customers about “the targeted threat campaign against some Snowflake customer accounts.” In a blog post, the company said it has not identified evidence suggesting this activity was caused by a vulnerability, misconfiguration, or breach of Snowflake’s platform. Rather, the campaign targets customers with weak or compromised credentials.

ShinyHunters, which posted Ticketmaster and Santander customers’ data for sale, is known for carrying out multiple high-profile data breaches, including Microsoft, Mashable, Pluto TV, AT&T, T-Mobile, and others.