Ticketmaster, a leading global ticketing service, has been compromised by a group named “ShinyHunters,” resulting in the theft of approximately 560 million customers’ account information.

What was stolen

According to a report by Channel NewsAsia, the stolen data included “names, addresses, emails, phone numbers, and the last four digits of customer credit card numbers along with the expiry dates.” The group is currently selling this data for a one-time fee of USD 500,000.

The method ShinyHunters used to execute the hack remains unknown.

Toby Lewis, Global Head of Threat Analysis, Darktrace, said, “This alleged attack on Ticketmaster is an unpleasant reminder that no organisation is immune from cyber threats. However, it’s crucial to approach this incident with scepticism until more information is available, as the timing of the data being offered on the relaunched BreachForums site raises questions about its authenticity.”

What should you do

Toby also shared his advice on what impacted should do in the meantime. He said, “It’s advisable to wait for confirmation and follow instructions from Ticketmaster’s incident response teams. While there’s no harm in proactively changing passwords (including on accounts with re-used passwords), customers should be prepared to do it again if necessary.”

He reiterated that cybersecurity should be at the forefront of businesses’ technology strategy. AI tools can automate prevention and response protocols, enabling proactive defence. Until more details emerge, customers should remain vigilant but avoid jumping to conclusions about the scale or impact of this alleged breach.”

What other experts say

Adam Brown, Managing Consultant, Synopsys Software Integrity Group

“For people who have a TickerMaster account, assume that it has been breached. Eventually it may show up on Troy Hunt’s HaveIBeenPwned security site and you’ll get a warning if you’re signed up, but until then you must assume your details are in that block of breached data. Be alert for scam emails and phone calls, immediately change your password if you have reused it elsewhere or even used a similar patterns elsewhere. Those in the public eye may want to change their phone number, the very cautious may want to change their credit card. This incident certainly does show the great responsibility and burden side that comes with the benefits of owning the monopoly in a market. More major players in that market would have meant that the sheer number of records breached would be diminished.”

Debrup Ghosh, Senior Product Manager, Synopsys Software Integrity Group

“Companies offering a digital marketplace need to place special emphasis on protecting key customer data, especially personally identifiable information (PII). In the age of digital transformation, data is a valuable currency – hence, companies need to continually protect not only company IP but also customer data that helps them study consumer preferences and build the product to better serve those consumer preferences. Overall, companies need to invest in both detection and prevention technologies that allow them to mitigate risk exposure from cyberattacks. Finally, such incidents impact consumer trust in the brand, and very often lead to both direct financial impact from lost revenue, and also punitive legal damages that impact the business.”