Hackers leak alleged Taylor Swift ticket data to extort Ticketmaster

Hackers claimed this week that they had obtained barcode data for hundreds of thousands of tickets to Taylor Swift’s Eras tour, demanding that Ticketmaster pay millions in ransom money or they would leak the information online.

The hacking group posted samples of the data to an online forum – ticket data on Swift’s shows in Indianapolis, Miami, and New Orleans – and alleged that it possessed an additional 30 million barcodes for other high-profile concerts and sporting events.

The ransom posts on the online forum were from the hacking group ShinyHunters, and an account that appeared to be associated with it called Sp1d3rHunters. The group has a history of claiming responsibility for major hacks against companies including Santander bank, AT&T, Microsoft and others.

Ticketmaster denied offering any money to the hackers, who had not engaged with the company about the ransom, according to a statement from parent Live Nation Entertainment. Ticketmaster also stated that its ticketing technology prevented such leaked barcodes from being used as tickets by refreshing barcodes every few seconds.

Hopeful Swifties probably won’t be able to attend their icon’s world tour with an ill-gotten ticket. Although the data appeared to be from the hacking group’s large-scale breach of Ticketmaster and Live Nation earlier this year, cybersecurity experts who examined the leak agreed that the stolen data would not be useful for gaining access to an arena. The data could not be used as a ticket because the Ticketmaster mobile application uses dynamic barcodes, experts said, whereas the data in the hack is static.

“This data is almost certainly not sufficient to allow someone to recreate a barcode to get in,” said Don Smith, vice-president at the cybersecurity firm Secureworks. “If you’re running events of the size and scale of the Eras tour, you are not going to make it easy for someone to just get access to a database and then be able to create a fake ticket.”

Despite ShinyHunters’ ability to gain access to the Swift ticketing data, which included information on tickets for nine upcoming dates across the three US cities, experts said that companies such as Live Nation have more sophisticated measures to prevent that data from being used to actually steal tickets.

“If the thought here was that you’re going to create absolute chaos on all future Eras tour dates, I don’t think so,” Smith said.

The ransom threat to Live Nation is part of a broader rise in cyberattacks and ransomware in recent years. The attacks have targeted major corporations and public institutions, with analysts estimating that victims paid out $1.1bn in ransoms in 2023. The United Kingdom’s National Health Service is still reeling from a devastating attack by a Russia-based ransomware gang in June.

Earlier this year, ShinyHunters allegedly breached a third-party contractor to gain access to Ticketmaster’s data that included the names, partial payment details, phone numbers, ticket sales and other information on around 560 million customers. Live Nation confirmed the hack in a filing with the US Securities and Exchange Commission in May after ShinyHunters took credit for the attack.

The hack added to Live Nation’s myriad of public relations problems and legal woes. The US Department of Justice sued the company in May, alleging it was illegally monopolizing ticket sales and seeking to break it up. Live Nation also faced widespread backlash over its handling of Swift’s Eras tour, with a botched sales process leading to hours-long waits, failure to handle consumer demand and tickets going on resale for exorbitant amounts. Swift herself has bashed the company repeatedly.

Swift’s tour has been the target of cyberattacks before. In February, hackers breached Australian events company Ticketek, breaking into individual accounts and reselling Eras tour tickets. The company set up pop-up stands outside Swift’s shows for fans to report their concerns and potentially regain their tickets.

ShinyHunters has also claimed responsibility for accessing bank and credit card numbers for around 30 million customers and employees at Santander bank earlier this year. The group attempted to sell that information to the highest bidder. In May, the FBI and US Department of Justice seized the online forum that ShinyHunters used to post information and ransom threats from its Live Nation and Santander hacks, but another site quickly popped up.

The Guardian
