TICKETMASTER customers have been warned to carry out several important checks on their account amid reports the site has allegedly suffered a major data breach.
Hacker group Shiny Hunters claim to have stolen personal information belonging to 560million people who have bought tickets from the platform or its parent company Live Nation.
They are allegedly threatening to sell the trove of data to criminals unless the company pays a $500,000 / £400,000 ransom.
Ticketmaster and Live Nation are yet to confirm the security breach.
Details the hackers claim to have obtained include full names, addresses, email addresses, phone numbers, ticket sales and event details, order information, and partial payment card data, according to Hackread.
“Right now, since we only have the attackers’ words to go on, it’s too early to make any firm statements about whether there was a breach and what, if any, data was stolen,” said Christopher Budd, director, threat research, Sophos.
“While there allegedly are new data in the dump, there is also older info, meaning it could be a series of concatenated data.
“Regardless of whether the breach is legitimate, the attackers have been successful in drawing attention to a criminal forum that was recently taken down.
“As with many take downs like this, we often see the sites rebooted, so organizations should never let their guard down.”
Cyber experts have also warned customers to take action now, just in case.
Jake Moore, Global Cybersecurity Advisor at cybersecurity firm ESET, says the first thing people should do is change their account’s password.
But he also warns users to look out for follow-up emails claiming to be from Ticketmaster asking for information.
“The amount of highly personal data in this extremely large breach makes this extra worrying for all those involved,” he said.
“Ticketmaster is choosing not to pay the ransom which is slowly becoming more common as aftermath clean-ups improve.
“However, this is not the first time they have fallen victim to a large-scale breach which will question how they handle their customer data.
“As the sensitive information is now up for sale, those affected must remain extra careful, change their passwords and steer clear of follow-up emails, texts and calls claiming to be from companies and requesting information.
“High profile data breaches can have long-lasting effects on customers including identity theft and financial fraud.”
The Australian Government said Thursday it was investigating the claims.
And a US embassy spokesperson told AFP that the FBI has offered assistance to Australian authorities.
Meanwhile, the UK’s data watchdog told The Sun that it’s not received a data breach report on the matter.
“Organisations must notify the ICO within 72 hours of becoming aware of a personal data breach, unless it does not pose a risk to people’s rights and freedoms,” an ICO spokesperson said.
“If an organisation decides that a breach doesn’t need to be reported they should keep their own record of it, and be able to explain why it wasn’t reported if necessary.”
How to protect yourself from scams
BY keeping these tips in mind, you can avoid getting caught up in a scam:
- Firstly, remember that if something seems too good to be true, it normally is.
- Check brands are “verified” on Facebook and Twitter pages – this means the company will have a blue tick on its profile.
- Look for grammatical and spelling errors; fraudsters are notoriously bad at writing proper English. If you receive a message from a “friend” informing you of a freebie, consider whether it’s written in your friend’s normal style.
- If you’re invited to click on a URL, hover over the link to see the address it will take you to – does it look genuine?
- To be on the really safe side, don’t click on unsolicited links in messages, even if they appear to come from a trusted contact.
- Be careful when opening email attachments too. Fraudsters are increasingly attaching files, usually PDFs or spreadsheets, which contain dangerous malware.
- If you receive a suspicious message then report it to the company, block the sender and delete it.
- If you think you’ve fallen for a scam, report it to Action Fraud on 0300 123 2040 or use its online fraud reporting tool.