TicketMaster has begun notifying customers of a significant data breach involving their personal information. The company identified the unauthorized access to its cloud database, operated by a third-party provider, Snowflake, and is taking measures to mitigate the impact.
TicketMaster, a part of Live Nation Entertainment, is a leading American ticket sales and distribution company headquartered in Beverly Hills, California. It operates globally, providing services for numerous high-profile events. The breach poses a significant threat to the company's reputation and customer trust, given the scale and sensitivity of the exposed data.
The breach was discovered when an unauthorized third party accessed TicketMaster's cloud database between April 2, 2024, and May 18, 2024. By May 23, 2024, TicketMaster confirmed that personal information, including names, contact details, and other personal identifiers, might have been compromised.
The initial breach disclosure ties into earlier reports of security incidents involving cloud service provider Snowflake. TicketMaster's database was targeted by the threat group UNC5537, which has previously exploited stolen credentials to infiltrate cloud environments. This breach follows a series of attacks where hackers, including a notable figure named Sp1d3r, have released sensitive customer data on cybercrime forums after unsuccessful extortion attempts.
TicketMaster's response
TicketMaster has engaged external cybersecurity experts to conduct a thorough investigation and has reported the incident to federal law enforcement. The company has implemented several technical and administrative measures to enhance the security of its systems, such as:
- Rotating passwords for all accounts linked to the affected database.
- Reviewing and tightening access permissions.
- Increasing monitoring and alert mechanisms within the environment.
Additionally, TicketMaster is offering affected customers complimentary identity monitoring services through TransUnion, provided by Cyberscout, to mitigate the risk of identity theft. This service includes dark web monitoring and alert systems active for one year from the date of enrollment.
TicketMaster advises customers to stay vigilant by monitoring their accounts and credit reports for any signs of suspicious activity, regularly reviewing account statements, and placing a credit freeze or fraud alert on their credit files if necessary.
Customers are also warned to be cautious of phishing attempts, especially emails requesting personal information or containing suspicious links or attachments.
One thing that remains unclear is the number of TicketMaster customers impacted by this breach, which threat actors previously inflated to 680 million customers, leaking a sample of 1 million as proof.
In its notice to Maine's AG office, the company simply defines the number to be above a thousand, which is obviously not very transparent. Potentially, the exact number of exposed individuals is still under investigation, and the firm might add an update when it has a concrete figure to share. However, one would expect a more “close to reality” estimate after all this time.
Leave a Reply