Ticketmaster Faces Extortion Over Leaked Taylor Swift Event Barcodes

Ticketmaster is under severe pressure after cybercriminal ‘Sp1d3rHunters' threatened to release 170,000 Taylor Swift event barcodes unless a $2 million ransom is paid. This latest move compounds the company's ongoing data breach crisis, further endangering its users' data.

Sp1d3rHunters posted the extortion demand on BreachForums on July 5, 2024. The post boasts of compromising barcodes for Taylor Swift's Eras Tour events in Miami, New Orleans, and Indianapolis. The threat actor has also warned of additional leaks involving 30 million more event barcodes and the personal data of 680 million Ticketmaster users if their demands are not met.

In the latest post on BreachForums, Sp1d3rHunters not only provided a sample of the stolen barcodes but also included a tutorial link for creating fake barcodes. They further threatened to release additional barcodes for other major events, including those of artists like P!nk and Sting, and sporting events such as F1 Formula Racing, MLB, and NFL games.

Background on Ticketmaster breach

The threatening post by Sp1d3rHunters comes after Ticketmaster began notifying customers of a major data breach on June 28, 2024. This breach involved unauthorized access to a cloud database managed by Snowflake, a third-party provider. The incident was initially detected between April 2 and May 18, 2024. The company confirmed on May 23 that personal information, including names and contact details, might have been compromised.

Sp1d3rHunters first attempted to extort Ticketmaster on June 20, 2024, when the hacker leaked one million records on BreachForums after unsuccessful ransom negotiations. The leaked data included sensitive information such as names, addresses, emails, partial credit card details, and more.

Company's response

Ticketmaster, a leading ticket sales and distribution company, is headquartered in Beverly Hills, California, and operates globally. The company has engaged external cybersecurity experts and reported the incident to federal law enforcement. Measures taken to mitigate the breach impact include:

• Rotating passwords for all accounts linked to the affected database.
• Reviewing and tightening access permissions.
• Increasing monitoring and alert mechanisms.

Additionally, Ticketmaster offers affected customers complimentary identity monitoring services through TransUnion.

Affected customers are advised to monitor their Ticketmaster accounts and credit reports for suspicious activity, regularly review account statements, and be wary of phishing attempts via SMS or email.

The Ticketmaster breach looks like it has a long way to go yet: this was posted a few hours ago and whilst I imagine the barcodes are revocable (or at least can be reissued), the threat to dump 680M customers' data is a lot more worrying: pic.twitter.com/itiVM2NraZ

— Troy Hunt (@troyhunt) July 5, 2024

Ticketmaster has previously reassured that it's working towards enhancing its security measures to prevent further breaches and protect its users' data. However, the data that is already in the hands of cybercriminals remains a big headache for the firm and its customers, with the threat of a massive 680 million people data leak looming.