TicketMaster has begun notifying customers of a significant data breach involving their personal information. The company identified the unauthorized access to its cloud database, operated by a third-party provider, Snowflake, and is taking measures to mitigate the impact.
TicketMaster, a part of Live Nation Entertainment, is a leading American ticket sales and distribution company headquartered in Beverly Hills, California. It operates globally, providing services for numerous high-profile events. The breach poses a significant threat to the company's reputation and customer trust, given the scale and sensitivity of the exposed data.
The breach was discovered when an unauthorized third party accessed TicketMaster's cloud database between April 2, 2024, and May 18, 2024. By May 23, 2024, TicketMaster confirmed that personal information, including names, contact details, and other personal identifiers, might have been compromised.
The initial breach disclosure ties into earlier reports of security incidents involving cloud service provider Snowflake. TicketMaster's database was targeted by the threat group UNC5537, which has previously exploited stolen credentials to infiltrate cloud environments. This breach follows a series of attacks where hackers, including a notable figure named Sp1d3r, have released sensitive customer data on cybercrime forums after unsuccessful extortion attempts.
TicketMaster's response
TicketMaster has engaged external cybersecurity experts to conduct a thorough investigation and has reported the incident to federal law enforcement. The company has implemented several technical and administrative measures to enhance the security of its systems, such as:
- Rotating passwords for all accounts linked to the affected database.
- Reviewing and tightening access permissions.
- Increasing monitoring and alert mechanisms within the environment.
Additionally, TicketMaster is offering affected customers complimentary identity monitoring services through TransUnion, provided by Cyberscout, to mitigate the risk of identity theft. This service includes dark web monitoring and alert systems active for one year from the date of enrollment.
TicketMaster advises customers to stay vigilant by monitoring their accounts and credit reports for any signs of suspicious activity, regularly reviewing account statements, and placing a credit freeze or fraud alert on their credit files if necessary.
Customers are also warned to be cautious of phishing attempts, especially emails requesting personal information or containing suspicious links or attachments.
One thing that remains unclear is the number of TicketMaster customers impacted by this breach, which threat actors previously inflated to 680 million customers, leaking a sample of 1 million as proof.
In its notice to Maine's AG office, the company states only that the number is above a thousand, which is obviously not very transparent. The exact number of exposed individuals may still be under investigation, and the firm might add an update when it has a concrete figure to share. However, one would expect an estimate closer to reality after all this time.
Mark
Yes, I also noticed that the email said CyberScout, including on the survey that was filled out, but then when I got the actual monitoring it is MyTrueIdentity.com and not CyberScout as is mentioned. There is no mention of how to call them to alert them. Something doesn’t seem right.
Brian
I got the email from Ticketmaster and opened an account with mytrueidentity. The Ticketmaster email says “To further protect your identity and as a precaution, we are also offering you identity monitoring with TransUnion at no cost to you. Identity monitoring will look out for your personal data on the dark web and provide you with alerts for 1 year from the date of enrollment if your personally identifiable information is found online. These services will be provided by Cyberscout…” When I opened my account and logged into the website, there is no mention of identity monitoring and dark web alerts. Instead it’s just the standard run-of-the-mill credit monitoring. When I called mytrueidentity and asked for guidance, they said they do not provide dark web monitoring as part of this offer (1-844-787-4607). I got the same or similar response from the number in the Ticketmaster email (1-800-653-1840). Both calls were very challenging and ultimately unproductive.
Donna Pidala
I received an email saying my Amex virtual card needed to be updated. I called Amex. It was not their email.
Trent
I actually got a letter in snail mail as well.
kay
Did you get an answer on this? I also fear a scam so I didn’t want to click the link in the email. I tried calling TransUnion and kept getting call-center people who wanted my social security #. No way am I giving that on the phone.
Darlene
Is mytrueidentity.com a real site of Cyberscout to help people or a scam too?