Ticketmaster has confirmed a data breach last month resulting in the theft of email addresses, phone numbers, and encrypted payment card information.
The breach, claimed by the hacking group ShinyHunters, purportedly involved 1.3TB of data affecting 560 million users, though a notification to Maine’s Attorney General indicated only “>1000” individuals were affected, leaving the true scope unclear.
The breach primarily impacted users in the US, Canada, and Mexico. Ticketmaster is notifying affected customers via email or first-class mail, stating that those not contacted likely had no sensitive information involved.
Besides email and phone numbers, hackers stole encrypted credit card details, including the last four digits and expiration dates of cards. This aligns with ShinyHunters’ May attempt to sell the stolen data for $500,000.
Ticketmaster attributes the breach to hackers accessing an isolated cloud database hosted by a third-party provider, believed to be Snowflake. Google’s Mandiant security researchers identified the hacking group “UNC5537” as exploiting poor password security to target up to 165 organizations using Snowflake.
In response, Ticketmaster is offering 12 months of free credit monitoring to affected users. However, it assures that Ticketmaster accounts were not compromised, and password changes are unnecessary.
Ticketmaster has not disclosed further details or responded to additional requests for comment. The company continues its efforts to notify and support affected customers during this period.