Ticketmaster is yet to confirm whether it has experienced a major data breach or if Australians are impacted, after a notorious hacker collective claimed it had the personal details of millions of the ticketing giant’s global customers for sale.
The collective, ShinyHunters, claimed on Wednesday on the dark web it had the personal details of 560 million Ticketmaster customers available for a one-time sale of US$500,000. It also demanded a ransom for the data not to be released.
The collective, which has been responsible for other high-profile data breaches, claimed the personal details it had for sale included names, addresses, emails, phone numbers and the last four digits and expiration date of credit cards.
Ticketmaster’s parent company, Live Nation, did not respond to a request for comment, and was yet to make a public statement on the alleged data breach.
The Australian government confirmed it was aware of a cyber-incident impacting Ticketmaster and had engaged the ticketing giant to understand the details. Home affairs directed questions on details of the incident to Ticketmaster.
One Australian Ticketmaster customer told Guardian Australia he was concerned that he had not yet received any communication from Ticketmaster detailing the breach, or advice for its customers.
Prof Nigel Phair, a Monash University expert in cybersecurity, said there were about 5 million Ticketmaster customers in Australia and New Zealand. He said it was troubling that Ticketmaster had not yet made a public statement regarding the alleged data breach.
“Organisations need to be more proactive in their communications and inform the public what has happened and how they are remediating the situation,” he said.
“When you have a vacuum of information, whether from the government or the business itself, it makes it a whole lot worse.
“Consumers need to remain hyper-vigilant in the online world and be on the lookout for unusual emails, SMS or phone calls. They should also look for any suspicious credit card transactions.”
Brett Callow, a threat analyst with cybersecurity firm Emsisoft, said it appeared the breach could be genuine, but it was unclear when it happened or how.
“It would be in Ticketmaster’s best interest to make a statement sooner rather than later. People are understandably concerned and they have a right morally if not legally to be informed as to what’s happening,” Callow said.
Callow said the forum on which ShinyHunters posted claims of the breach, BreachForums, recently went quiet after it was seized by a team of international law enforcement agencies. He said the post about the breach may be part of efforts to gain attention and resurrect the forum again.
ShinyHunters has a history of high-profile data breaches, Callow said, including leaking information about 73 million AT&T current and former customers. The telecommunications company confirmed nearly two weeks after the data was offered on the dark web that it was legitimate.
Christopher Budd, director of threat research at Sophos, said it was too early to tell whether there was a breach given there’s only the “attackers’ words to go on”.
“Regardless of whether the breach is legitimate, the attackers have been successful in drawing attention to a criminal forum that was recently taken down. As with many takedowns like this, we often see the sites rebooted, so organisations should never let their guard down,” he said.
Prof Matthew Warren, an RMIT expert in cybersecurity, said the advice was always to not pay a ransom for stolen data, given it can increase the chances of future attacks.
“Once the data has been stolen from the organisation there is nothing that the organisation can do to protect the data. If the organisation had encrypted the data, then if the data had been stolen, it would have been unusable by the hacker,” he said.
Phair said data breaches were becoming all too common and called on the government to do more.
“The current legislative approach is clearly not working, as organisations are still not putting sufficient effort into cyber-risk management,” he said.
