A hacking group known as ShinyHunters now claims that the scale is way more enormous than initially alleged, following new reports of the Ticketmaster data breach back in May. It claimed that it viewed 1.3 TB worth of customer data, which affected around 560 million users.
ShinyHunters had already set a ransom price with Live Nation, the parent company of Ticketmaster, at $1 million, but then further revised the price for these hacked data to as high as $8 million. Ticketmaster, however, refuted any ransom payment with the statement, “We were never engaged for a ransom and did not offer them money.”
As per the cybersecurity outlet Hackread, ShinyHunters announced on Breach Forums that they believe the data breach could be valued more than what was previously estimated. Now, according to this group of cyber actors, they stole ticket barcodes consisting of 193 million messages and more than $22.6 billion in worth, including 440,000 tickets for Taylor Swift’s Eras Tour and an additional 30 million barcodes related to 65,000 other events.
The hacking group ShinyHunters said in a provocative statement that instead of performing on her tour, Swift will be “performing in front of Congress.” They added, “We found out how to make way more expensive and insurance surely accepts this; we restart negotiations at $8M let the negotiator and insurance know.”
On these claims, Ticketmaster pointed out their SafeTix technology, which, according to them, “protects tickets by automatically refreshing a new and unique barcode every few seconds so it cannot be stolen or copied.” It reiterated that they apply a wide range of fraud protections to be implemented to keep tickets safe and unassailable.
Despite all these assurances, the BBC mentioned that Ticketmaster has sent emails to all its customers in North America asking them to guard against identity theft and fraud. Similar notifications have reportedly been issued to people in the US and Mexico.
Adding to the mayhem, ShinyHunters leaked 30,000 ticket barcodes and even published a tutorial on how to create fake tickets. The data dump includes unique barcode values, details regarding the events, sales order details, seating details, and user session details. This could result in very serious problems: barcode duplication, money loss, overcrowding, and security problems.
The hackers have threatened Ticketmaster, stating: “You now have to reset 30K more tickets. Pay us $2m or we will leak the mail and e-ticket barcodes for all your events.” They have also released a tranche of Taylor Swift tickets for an upcoming show to prove their claims.
Ticketmaster has begun to notify users affected by the breach, offering to enroll them in identity theft monitoring services. The company said that its SafeTix technology makes it impossible to replace the leaked tickets since it updates barcodes regularly.
The breach raised several red flags, including those from Sen. Richard Blumenthal of Connecticut, a Democrat, who expressed shock over how the situation was being handled by Ticketmaster: “There are urgent concerns about what information was stolen and how that data might be exploited,” He called on consumers to be vigilant and monitor bank accounts for suspicious activity.
While investigations are in process, not fully explored is the extent of this breach and the implications associated with it. Surely, though, it does underline a new emerging threat of cyberattacks and brings home strongly the robust security measures that must be put in place to protect sensitive consumer data.