Hackers leak alleged Taylor Swift tickets, amp up Ticketmaster extortion
Top private investigator:
Update: Ticketmaster assertion added beneath.
Hackers score leaked what they claim is Ticketmaster barcode data for 166,000 Taylor Swift Eras Tour tickets, warning that more events can be leaked if a $2 million extortion build a question to just isn’t paid.
In Would possibly per chance honest, a well-identified risk actor named ShinyHunters started promoting data on 560 million Ticketmaster customers for $500,000.
Ticketmaster later confirmed the tips breach, which they in the ruin stated became from their memoir on Snowflake, a cloud-basically based data warehousing firm veteran by the challenge to retailer databases, path of data, and develop analytics.
In April, risk actors started downloading Snowflake databases of at the least 165 organizations the usage of credentials stolen by data-stealing malware.
The risk actors then blackmailed the firms, stressful rate to cease the tips from being leaked or equipped to other risk actors. Firms confirmed to score had data stolen from their Snowflake accounts embody Neiman Marcus, Los Angeles Unified College District, Approach Auto Parts, Pure Storage, and Satander.
Top private investigator: Taylor Swift tickets leaked
Recently, a risk actor identified as Sp1d3rHunters has leaked what they claim is the pricetag data for 166,000 Taylor Swift Eras Tour barcodes veteran to construct entry on various concert dates.
Sp1d3rHunters, previously named Sp1d3r, is the risk actor in the good thing about the sale of data stolen from Snowflake accounts, publicly extorting the a great deal of firms for payments.
“Pay us $2million USD or we leak all 680M of your customers data and 30million more occasion barcodes in conjunction with: more Taylor Swift events, P!nk, Sting, Sporting events F1 Formula Racing, MLB, NFL and hundreds more events,” reads the extortion build a question to first shared by risk intel carrier HackManac.
Source: BleepingComputer
The publish claims the barcode data is for upcoming Taylor Swift concert events in Miami, Unique Orleans, and Indianapolis.
The publish involves a runt sample of the alleged barcode data, which contains the fee veteran to construct a scannable barcode, seat data, the face fee of tickets, and other data. The risk actor further shared info on learn the strategy to turn this knowledge into a scannable barcode.
While the barcode data became not section of the preliminary leak of stolen Ticketmaster data samples released by the risk actors in Would possibly per chance honest, among the newly leaked data can be learned in the older leaks, in conjunction with the hashed credit score card and gross sales uncover data for the tickets.
The crew in the good thing about these attacks is ShinyHunters, which has been liable for a great deal of data breaches over the years. These embody leaking the tips for 386 million user records from 18 firms in 2020, an AT&T breach impacting 70 million customers, and, most not too prolonged previously, the leaking of 33 million phone numbers veteran with the Authy multi-instruct authentication app.
Update 7/5/24 3:44 PM ET: Ticketmaster told BleepingComputer that uncommon barcodes are up so a long way every few seconds, so the stolen tickets can’t be veteran.
“Ticketmaster’s SafeTix expertise protects tickets by robotically refreshing a recent and uncommon barcode every few seconds so it’s going to not be stolen or copied,” Ticketmaster told BleepingComputer.
“Right here is honest one of many fraud protections we put into effect to retain tickets safe and steady.”
Ticketmaster also confirmed that they did not have interaction in any ransom negotiations with the risk actors, disputing ShinyHunter’s claims that they were equipped $1 million to delete the tips.
