Alleged Ticketmaster hack breaches half-a-billion customer details

Hackers also demanded a ransom for the data not to be released (Ticketmaster)
Hackers also demanded a ransom for the data not to be released (Ticketmaster)

Ticketmaster is investigating a hacker collective's claim that it obtained the personal details of more than half-a-billion customers – which would be the largest security breach ever.

Shiny Hunters has claimed on the dark web it had the personal details of 560 million Ticketmaster customers available for a one-time sale of $500,000 (£393,000). Names, addresses, emails, phone numbers and the last four digits and expiration date of credit cards are what it claimed are for sale.

It also demanded a ransom for the data not to be released.

Prof Matthew Warren, an expert in cybersecurity, told the BBC the advice was never to pay a ransom for stolen data, as it could increase the risk of future attacks.

“Once the data has been stolen from the organisation, there is nothing that the organisation can do to protect the data. If the organisation had encrypted the data, then if the data had been stolen, it would have been unusable by the hacker,” he said.

The collective has also been behind other high-profile data breaches, resulting in the loss of millions of dollars to the companies involved.

In 2021, the group sold a database of stolen information from 70 million customers of US telecoms firm AT&T.

In September last year, almost 200,000 Pizza Hut customers in Australia had their data breached.

It comes after BreachForums was recently relaunched, a site on the dark web where other hackers buy and sell stolen material.

Though the domain was shut down by the FBI in March 2023, leading to the arrest of its administrator Conor Brian Fitzpatrick, the site reappeared.

Users of the forums often exaggerate the scale of their hacking to attract attention from other hackers.

"If Ticketmaster has had a breach of this scale, it is important they inform customers but it is important to also consider that sometimes criminal hackers make false or inflated claims about data breaches – so people should not be overly concerned until a breach is confirmed," security researcher Kevin Beaumont told the BBC.

In 2020, Ticketmaster admitted it hacked into one of its competitor sites, and agreed to pay a $10m (£7.9m) fine.

While in November, a cyber attack created problems selling tickets for Taylor Swift's Era's tour.

Australia's Department of Home Affairs says it is "working with Ticketmaster to understand the incident". The FBI is also understood to be offering its services.

The American website Ticketmaster, one of the largest online ticket sales platforms in the world, has yet to confirm whether it has experienced a security breach.

The Standard has contacted Ticketmaster and owner Live Nation for comment and is awaiting a response.