Up to 560 million users affected: Possible data leak at TicketMaster
The ShinyHunters group offers more than 1 TByte of alleged data from the live provider in a darknet forum - the first authorities are already reacting.
(Image: Gorodenkoff/Shutterstock.com)
The "ShinyHunters" data thieves have returned with a coup and are offering over 560 million data records, allegedly taken from entertainment giant Live Nation, on their underground marketplace "BreachForums". The NYSE listed company, which is the parent company of Ticketmaster since 2010, describes itself as the world's largest provider of live entertainment. The data thieves now want to sell their loot for $500,000.
"Breach Forums" recently had been taken down by the FBI – in retrospect, it was probably only a defacement of the domains and not a confiscation of the technical infrastructure. The administrators of the "ShinyHunters" group quickly reclaimed the hijacked domains, and the fence forum is now back online on both the darknet and the internet.
Now the data thieves have come forward with a new data leak:they claim to have the complete data of 560 million Live Nation customers and are offering it for sale. In addition to names, addresses, and contact information, the database also contains order and payment information of Live Nation customers from all over the world.
Test data randomly checked by heise security looks plausible – the postal addresses checked appear to exist and can be partially assigned to individuals. In accordance with the PCI-DSS security standard, Live Nation had not stored any credit card numbers in plain text – the database only contains hashes and the expiration dates and last four numbers of the credit cards.
ShinyHunters is demanding 500,000 US dollars for the data and says it only wants to sell it once. The buyer or buyers would then have exclusive access to the Live Nation data.
(Image: Screenshot / heise security)
Live Nation has not yet commented on the alleged data leak. The company, which is listed on the US stock exchange, would be obliged to immediately report data leaks and cyber attacks to the US Securities and Exchange Commission (SEC) in a mandatory 8-K notification, but has not yet published such a notification as of early Wednesday afternoon German time. It is also unclear whether and how those affected can contact Live Nation to find out the extent of the data leak.
As reported by the Australian television station ABC News, the Australian Ministry of the Interior has confirmed the incident and is working with Live Nation to "understand it". The German Federal Office for Information Security (BSI) did not respond to an inquiry from heise security at short notice; we will update this report if necessary.
The event group and its subsidiary Ticketmaster are currently not only in trouble with data thieves, but also with the US judiciary. An antitrust lawsuit by the US government and 30 US states and districts against Live Nation is currently pending in a federal district court, and EU members of parliament were already annoyed by the company's pricing policy last year.
(cku)
