Over 500 million hit in massive Ticketmaster data breach — what to do now

 Ticketmaster app open on a smartphone with a blue background.
Ticketmaster app open on a smartphone with a blue background.

Paying exorbitant prices for concert tickets is bad enough but now it appears that one of the most popular ticketing service providers worldwide has suffered a major data breach that affects over half a billion customers.

As reported by Mashable, Ticketmaster is the latest big company to fall victim to a data breach, though the firm has yet to confirm this. Still, a prominent hacker group is claiming to have stolen the customer data of close to 560 million of the service’s users.

To make matters worse, the group, which goes by ShinyHunters online (a Pokémon reference for those curious) , is selling all 1.3 terabytes of this stolen data for a one-off fee of $500,000 on a popular hacking forum.

If you’re a Ticketmaster customer whose personal and maybe even financial data has been exposed as a result of these hackers, here’s everything you need to know about this breach, along with some tips on how to stay safe after a major cyber incident like this one.

A treasure trove of user data

A hand typing at a computer in a dark room, lit up by the laptop's keyboard LEDs and red LED light
A hand typing at a computer in a dark room, lit up by the laptop's keyboard LEDs and red LED light

According to ShinyHunters, the group managed to steal all sorts of data from Ticketmaster but we still don’t know how they managed to pull off this feat.

Regardless, the 1.3 terabytes of stolen customer data contains full names, addresses, phone numbers along with order history information like ticket purchase details and Ticketmaster event information.

If this wasn’t bad enough, ShinyHunters was also allegedly able to steal partial payment data from Ticketmaster customers, which includes their names, the last four digits and expiration dates of their credit cards.

In addition to looking for more information on Ticketmaster’s blog and other online resources, Tom’s Guide has also reached out to the company directly to confirm what, if any, data was stolen by the ShinyHunters hacking group.

While we've yet to hear back from Ticketmaster, ShinyHunters does have a history of big data breaches like this one. For instance, back in 2021, the hacker group leaked the subscriber info of 70 million AT&T customers. Surprisingly, ShinyHunters' leader is the admin of the popular hacker forum BreachForums.

How to stay safe after a data breach

An open lock depicting a data breach
An open lock depicting a data breach

Even if you’re super careful online and practice perfect cyber hygiene, your personal and financial data could still end up in the hands of hackers, thanks to one of the companies you do business with.  Whether it’s an unsecured database, an insider threat or even a malware infection, your data can then be stolen and sold off to other hackers to use in their other attacks.

Normally, when a company falls victim to a data breach, they usually offer some guidance along with free access to one of the best identity theft protection services. As Ticketmaster has yet to confirm whether it actually was hacked, we don’t know if the company will be providing complimentary services to affected customers.

Until then, you’re going to need to remain vigilant when checking your inbox, messages or even your mailbox, as cybercriminals could use the information exposed in this breach to launch targeted phishing attacks. Likewise, you're going to want to be using the best antivirus software on your PC, the best Mac antivirus software on your Apple computer and the best Android antivirus apps on your smartphone just in case any of these phishing messages contain dangerous malware.

With your full name, address and email in hand, they could impersonate other popular companies to trick you into giving up your passwords or even handing over your hard-earned cash. This is why you need to be very wary of messages from unknown senders. Don’t click on links or download any attachments they contain and you also want to inspect the sender’s email address to make sure a message is legitimate and not just another scam.

We’ll have to wait and see what Ticketmaster says about this incident, but we’ll update this story if and when we hear back from the company itself.

More from Tom's Guide