A data breach at Ticketmaster is the latest in a string of high-profile corporate hacks over the past year.

In a recent filing with the US Securities and Exchange Commission (SEC), Ticketmaster owner Live Nation reported “unauthorised activity” within a third-party cloud database primarily housing Ticketmaster data. 

The company says it is collaborating with forensic investigators to address the breach.

ShinyHunters, a relatively obscure cybercrime group, has claimed responsibility for the hack, saying it stole data from over 500 million Ticketmaster customers. 

Despite this claim, Live Nation did not mention ShinyHunters in its SEC filing and has not yet responded to requests for comment.

The breach has exacerbated existing challenges for Live Nation, which is under regulatory scrutiny over antitrust concerns. Recently, the US government and multiple states filed a lawsuit to break up the company, alleging it has been inflating concert ticket prices.

In its SEC filing, Live Nation stated that on 27 May, “a criminal threat actor offered what it alleged to be company user data for sale via the dark web”. 

The company assured it is working to mitigate the risk to users and has notified law enforcement and regulatory authorities.

“As appropriate, we are also notifying regulatory authorities and users with respect to unauthorised access to personal information,” the filing read.

ShinyHunters is believed to have emerged in 2020 and has quickly gained notoriety for its aggressive data breach tactics. 

The group has been linked to several high-profile breaches, including the theft of 91 million user accounts from Indonesian e-commerce company Tokopedia and data from Microsoft's GitHub.

In 2021, ShinyHunters breached US telco AT&T, compromising data of more than 70 million customers. 

More recently, in September 2023, the group targeted Pizza Hut in Australia, stealing information from nearly 200,000 customers.

ShinyHunters uses sophisticated phishing techniques, creating fake login pages to steal credentials from company employees, which then provides access to sensitive information. 

Despite occasional arrests of its members, the group's decentralised structure allows it to continue its activities.

Cybersecurity experts caution that the Ticketmaster breach could lead to increased exploitation attempts. 

The full extent of the Ticketmaster breach is still unclear, but the stolen data allegedly includes names, addresses, phone numbers, and partial credit card details of customers worldwide. 

ShinyHunters is reportedly demanding a $500,000 ransom to prevent the data from being sold.
Some analysts suggest the breach may be “over-stated to boost attention”.