Music lovers, beware! Hackers have released data for roughly 40,000 print-at-home Ticketmaster tickets, posing a security risk to thousands.
The leak, which affects fans planning to attend 154 forthcoming concerts and events, raises questions about the authenticity of tickets obtained through the platform.
Ticketmaster has yet to issue an official statement on the incident, but here's what you need to know to protect yourself.
Hackers are now claiming they've taken control of 193 million Ticketmaster ticket barcodes, including 440k for upcoming @taylorswift13 concerts, with a cumulative face value of >$22 billion
— Jack Stephens (@iamjackstephens) July 5, 2024
If this is true, it's pretty cataclysmic pic.twitter.com/6p9FXuHFAp
In a continuing extortion attempt against Ticketmaster, threat actors have released nearly 39,000 print-at-home tickets to 150 forthcoming concerts and events, including Pearl Jam, Phish, Tate McCrae, and the Foo Fighters.
The tickets were disclosed by 'Sp1derHunters,' a threat actor who sells data taken from Snowflake accounts in recent attacks.
In April, hacking actors began obtaining Snowflake databases from at least 165 companies using credentials acquired by information-stealing malware.
Ticketmaster and AXS employ unique barcodes for "non-transferable" tickets. These barcodes, like certain login programs, change every few seconds, making screenshots useless.
Tickets are sometimes issued close to the event time to limit sharing. This keeps ticket sales on their platforms.
Hackers used an Android phone connected to Chrome DevTools on a desktop PC to retrieve secret tokens from Ticketmaster and AXS, leveraging Conduition's disclosed findings.
These tokens allow them to set up a parallel ticketing system that creates valid barcodes for other platforms. This permits them to sell legal tickets on sites that Ticketmaster and AXS do not authorize.
Woah, so the Ticketmaster hackers are not only threatening to release stolen personal data but ticket barcodes to upcoming events such as Taylor Swift and Pink now as well!
— Jake Moore (@JakeMooreUK) July 5, 2024
In May, hackers claimed to have stolen data from Ticketmaster, affecting 560 million customers. They wanted a ransom but eventually disclosed 166,000 Taylor Swift ticket barcodes, which Ticketmaster claims are unusable due to security precautions.
They said:
"Ticketmaster's SafeTix technology protects tickets by automatically refreshing a new and unique barcode every few seconds so it cannot be stolen or copied."
Sp1d3rHunters responded to Ticketmaster's statement, claiming that numerous print-at-home tickets with non-rotatable barcodes had been stolen.
The threat actor made a post on a hacking forum, saying:
"Ticketmaster lies to the public and says barcodes can not be used. Tickets database includes both online and physical ticket types."
"Physical ticket types are Ticketfast, e-ticket, and mail. These are printed and can not be automatically refreshed."
This incident highlights the continuous struggle between event organizers and cybercriminals. Ticketmaster believes the hacked tickets are unusable, but the hacker claims a workaround exists.
With so many famous events targeted, supporters are left puzzled and maybe exposed. The exact depth of the hack and its efficacy remains unknown, but it highlights the significance of strong cybersecurity safeguards in the ticketing sector.
Use PurePrivacy to robust your data security and avoid unwanted access to your online space.