Security10.07.2024

Ticketmaster data breach uncertainty

Ticketmaster has yet to reveal whether the personal information of South African customers was compromised in a data breach between 2 April and 23 May 2024.

In a letter notifying customers of the breach, Ticketmaster warned its customers to remain vigilant and offered one year of free identity monitoring to track their credit history.

“Ticketmaster recently discovered that an unauthorized third party obtained information from a cloud database hosted by a third-party data services provider,” the letter reads.

“On 23 May 2024, we determined that some of your personal information may have been affected by the incident. We have not seen any additional unauthorized activity in the cloud database since we began our investigation.”

It added that compromised data could include customer names, basic contact information, and other information which differs depending on the customer.

“To further protect your identity and as a precaution, we are also offering you identity monitoring with TransUnion at no cost to you,” it said.

“Identity monitoring will look out for your personal data on the dark web and provide you with alerts for one year from the date of enrollment if your personally identifiable information is found online.”

MyBroadband asked Ticketmaster if any South African customers were impacted, but it hadn’t answered our questions by publication.

Ticketmaster previously told MyBroadband it had launched an investigation with industry-leading forensic investigators to determine what had happened.

“We are working to mitigate risk to our users and the company, and have notified and are cooperating with law enforcement,” it said.

“As appropriate, we are also notifying regulatory authorities and users with respect to unauthorized access to personal information.”

The “unauthorized third party” in question is the ShinyHunters hacking group, which claimed responsibility for the attack on 4 June 2024 and posted an advert for the data on the dark web.

The group claimed to have stolen the private information of 560 million customers.

Ticketmaster launched a ticket ballot system for the Springboks’ clash against New Zealand in September 2024. Editorial credit: Victor Velter / Shutterstock.com

While Ticketmaster wasn’t targeted directly, ShinyHunters attacked a big data cloud hosting company, Snowflake, which many large firms use to store and monetize data.

One such firm that uses Snowflake’s services is Ticketmaster’s parent company, Live Nation.

ShinyHunters reportedly demanded $500,000 (R9.1 million) to prevent it from selling the data it stole.

As the attack was on Snowflake, other firms who use its services likely also suffered data breaches.

Snowflake chief information security officer Brad Jones said the company had observed heightened cybercriminal activity targeting its customers.

While attackers only breached a “limited number” of accounts, Jones noted they had obtained login credentials to Snowflake’s systems.

The cloud database company also found that an unauthorized party accessed an ex-staff member’s “demo” account.

“We have no evidence suggesting this activity was caused by any vulnerability, misconfiguration, or breach of Snowflake’s product,” said Jones.

Security researcher and HaveIBeenPwned founder Troy Hunt disagreed with Jones’ claims. He said the company suffered an outstandingly bad security compromise.

“It being a provider to many other different parties, it has sort of bubbled up to different data breaches in different locations,” he added.

Ticketmaster’s acknowledgement of the breach came shortly after Ticketmaster announced a ballot system for South African customers to get a chance to buy tickets to watch the Springboks take on the All Blacks in Cape Town in September.

It said it expected a large influx of users logging onto the system, and it launched the ballot system to ensure South Africans get equal opportunity to buy tickets.

It will also help mitigate scalping.

Those interested were required to register their interest by 9 June 2024, and Ticketmaster emphasized that registering interest doesn’t automatically secure tickets.

“Successful applicants randomly selected from the draw will be invited to purchase up to four tickets per customer on a first-come, first-served basis,” it said.

While the breach may not have impacted these customers as it occurred before the launch of the ballot system, Ticketmaster is widely used in South Africa for various events.

Show comments

Latest news

More news

Trending news

Sign up to the MyBroadband newsletter