In a world where data is the new gold, a massive cyber heist has supposedly taken place. The international hacker syndicate ShinyHunters says it has stolen the personal data of 560 million Ticketmaster customers, marking a potential milestone in the history of cybercrime.
The stolen data reportedly includes names, addresses, phone numbers and partial credit card details of Ticketmaster users around the world. The hacking group is demanding a $500,000 ransom to prevent the data from being sold to others. The Australian government and FBI have offered to assist Ticketmaster in dealing with the issue, although the company has yet to confirm whether it suffered a security breach.
The ShinyHunters, known for their “extraordinarily devious” tactics, have been linked to a number of high-profile data breaches in recent years. In 2021, they sold a veritable database of stolen information to 70 million customers of the US telecommunications company AT&T. Last year, nearly 200,000 Pizza Hut customers in Australia suffered data breaches, allegedly by the group.
The group operates much like players in the Pokémon animated game, driven by the goal of “Catch ‘Em All!”. Instead of hunting and collecting Pokémon characters, these cybercriminals steal and resell as much data as possible. The group’s activities are not just limited to the dark corners of the Internet. They are known to promote their one-off sales of stolen data on dark web forums, which they also operate.
However, cybersecurity experts warn that the claims could be false. “If Ticketmaster has suffered a breach of this magnitude, it is important that they notify customers, but it is also important to consider that criminal hackers sometimes make false or inflated claims about data breaches, so people should not be overly concerned until a breach is not confirmed,” says security researcher Kevin Beaumont.
The alleged breach coincides with the relaunch of BreachForums, a dark web site where hackers buy and sell stolen material. The FBI had previously taken action against the domain, arresting its administrator Conor Brian Fitzpatrick, but according to tech media he has resurfaced.
The ShinyHunters group has proven to be a formidable opponent for global companies. They are known to create websites that imitate the login pages of legitimate companies, send phishing emails to company employees, and steal login data to access information on company networks and third-party vendors.
More for you: