What to know about the purported theft of Ticketmaster customer data

A cybercriminal group claims it has stolen personal data belonging to more than 500 million Ticketmaster customers. Although the event ticketing service, owned by Live Nation Entertainment, hasn't confirmed the attack, security experts warn that it could put users of the platform at risk for a range of scams. 

The hackers, called ShinyHunters, said in an online forum that they have gained access to Ticketmaster customers' information and that they plan to sell the data. But Jared M. Smith, an engineer at SecurityScorecard, a company that monitors computer network breaches across the internet, cautioned that it remains to be seen if the theft is real. 

"It's still not verified. We don't know whether the hackers that posted it are making this up or not, that's something we're waiting for," he said. "It could be part of a publicity stunt."

Here's what to know about what kind of data might have been exposed, as well as how to protect yourself.

What is ShinyHunters?

The hacking group emerged in 2020 and drew attention the following year when it exposed huge troves of customer records from more than 60 companies. 

According to the Department of Justice, the ShinyHunters stored and sold stolen data on the "dark web," including customer databases with personal and financial information. Members of the group also used social media to solicit potential buyers for the for data, including sometimes notifying the media about their exploits and posting images on a website appearing to show stolen material. Targets included a range of companies and millions of consumers.

Sebastien Raoult, a French computer hacker and ShinyHunters member, in January was sentenced to three years in prison and ordered to pay more than $5 million in restitution after pleading guilty to conspiracy to commit wire fraud and aggravated identity theft.

ShinyHunters may not have hacked Ticketmaster, and instead could effectively be serving as a middleman by selling the customer data, experts noted. The group's post said the data was available for purchase for $500,000 in a "one-time sale."

How many people may have been affected? 

ShinyHunters said it has obtained personal data belonging to 560 million Ticketmaster customers. Although that would rank as one of the largest cyberthefts of all time, one expert said that some of the info the group claims to have stolen was likely already publicly available.  

"The reality is there are a lot of records missing, and it sounds really bad. But from a practical standpoint, how many people had information stolen that isn't out there already? A lot of it is public record," cybersecurity expert Joseph Steinberg told CBS MoneyWatch. "From the raw data itself, there's probably a lot less than it sounds like. We sometimes get impressed by numbers, but what matters much more is the quality of the data and what it means."

What kind of information was purportedly exposed?

ShinyHunters said it obtained the full names of Ticketmaster customers addresses, phone numbers, partial credit card details, and order and transaction info.

CBS News reviewed 52 email addresses that were posted by ShinyHunters and found they were connected to individuals in several U.S. states, as well as in Canada and New Zealand, CBS News' Erielle Delzer reported. Many of the addresses were linked to TicketMaster accounts, while the names of current and former employees of the event platform were also included in the leak.

"It's a lot of information you don't often see together," Smith said. Often hackers just get usernames and passwords, and sometimes payment information. But you don't often see addresses and past purchases, and all of that together would make quite a perfect set up for a group to put up sites that look like Ticketmaster sales partners to target consumers they know have purchased event tickets before," he told CBS MoneyWatch. 

"This breach would prey on a really easy target audience to scam people into buying fake tickets," Smith added. 

What is Ticketmaster doing about the alleged attack?

Nothing, yet. The company has not verified the purported cyberattack. It didn't immediately respond to a request for comment. 

The Australian government said Thursday it is investigating the hacking group's claims. The FBI has offered assistance to Australian authorities, a spokesperson for the U.S. Embassy in Canberra told Agence France-Presse.

"The Australian Government is aware of a cyber incident impacting Ticketmaster," a spokesperson for the Australia Home Affairs Department said in a statement to CBS News. "The National Office of Cyber Security is engaging with Ticketmaster to understand the incident." The department also urged people with "specific inquiries relating to this incident" to contact Ticketmaster.

What should Ticketmaster users do now?

First, and crucially, consumers should assume that they are at risk of being hacked, Steinberg said, emphasizing the need for people to have the right mindset. For example, a consumer who believes they're being targeted by hackers will think twice before clicking on a link offering them concert tickets to their favorite band from an unknown entity. 

"You have to internalize the fact that you are a target. People who believe they are targeted behave differently than people who don't believe that," he said.

Regarding Ticketmaster, Smith urged consumers not to click on links to concert ticket sales they don't recognize and to call the service's support line to verify any offers. 

"Someone who doesn't think they're targeted would say, 'Wow, this is great, not thinking they got the data from the Ticketmaster breach and social engineered it," Steinberg said.

Security expert Dean Drako, CEO of Eagle Eye Networks, urged anyone who has purchased tickets through Ticketmaster to take several precautionary steps:

• Immediately change account usernames and passwords
• Monitor bank accounts and credit cards for signs of fraud or unusual behavior
• Initiate a fraud alert or credit freeze

"A fraud warning makes it harder for identity thieves to create accounts in your name," he said. "A credit freeze makes it very difficult for an identity thief to create new accounts in your name by blocking creditors from seeing your credit report. This is an extra layer of protection in case you are concerned about identity theft."

—CBS News' Erielle Delzer contributed to this report.

In:
• Ticketmaster

Megan Cerullo

Megan Cerullo is a New York-based reporter for CBS MoneyWatch covering small business, workplace, health care, consumer spending and personal finance topics. She regularly appears on CBS News 24/7 to discuss her reporting.