Hacking Group Released 39,000 More Print-At-Home Concert Tickets as Ticketmaster Hack Continues to Expand

by | Jul 12, 2024

A busy summer concert season is at risk of being spoiled as an ongoing Ticketmaster hack continues yielding stolen tickets, many of which are of a type that would have to be canceled and re-issued to the legitimate customer once leaked. A hacking group that has been threatening Ticketmaster has released 39,000 more print-at-home concert tickets, and has promised to release millions more if not paid a ransom.

The group had already leaked some 166,000 concert tickets for the extremely popular Taylor Swift tour last month. The new batch contains tickets for the Red Hot Chili Peppers, Alanis Morissette, Bruce Springsteen, Aerosmith, Pearl Jam and Neil Young among other in-demand artists.

Hackers have been hounding Ticketmaster since April, concert tickets may have come from Snowflake breach

Ticketmaster has now faced several different threats of data leaks in short order, all perpetrated either by Sp1derHunters (behind the most recent leak) or well-known threat group ShinyHunters. The common thread that runs through them seems to lead back to the Snowflake cloud storage breach that took place in April, which is confirmed to have impacted Ticketmaster among about 165 other businesses.

ShinyHunters claims that the Ticketmaster hack has yielded more than just concert tickets. In a post on BreachForum that has since been removed, the hacking group claimed to have hundreds of millions of encrypted credit card numbers, sales orders, address verification records and email addresses among other things. The group was seeking an $8 million ransom at the time.

The exact relationship between Sp1d3rHunters and ShinyHunters remains unclear. The former could be an independent group that also breached Snowflake and has since begun some sort of partnership with the latter on the Ticketmaster hack, which would explain the multiple and shifting ransom demands over time. It is also possible that Sp1d3rHunters simply is ShinyHunters operating under a different name. Whatever the case, both seem to have access to the same or similar data.

In May, ShinyHunters threatened to leak 560 million concert tickets that it said had been stolen from the compromised Snowflake storage. This was followed by Sp1d3rHunters threatening the company with the 166,000 Taylor Swift tour tickets. Sp1d3rHunters appears to be referencing the same Ticketmaster hack with its most recent dump, looking to turn up the heat as the ticket giant has apparently refused to budge on making a payment.

Ticketmaster hack far from resolved

The Ticketmaster hack threatens to put an ongoing strain on customers. Not only is the amount of personal information captured from Snowflake still unclear, the first of the concert tickets that were leaked are for shows that already took place in early July.

Ticketmaster says that those with mobile tickets are unaffected by the breach, as the Safetix technology it uses automatically rotates barcodes multiple times per day. But the fate of print-at-home ticket holders is much more uncertain. Ticket purchasers can receive their ticket in a PDF form by email, or can have the ticket mailed to them. Those tickets appear to have fixed barcodes that are compromised if they are stolen and leaked or sold to other parties. The roughly 39,000 concert tickets that Sp1d3rHunters appear to all be this sort of barcode.

Customers with print-at-home tickets for upcoming concerts, as well as Cirque du Soleil shows, now cannot have complete confidence that their ticket will still be valid when they turn up at the venue. Ticketmaster has only said that it believes concert tickets are safe and that customers do not have to worry, but only mentioned its mobile tickets in public statements. Right now there is no clear policy on re-issuing printed tickets that could possibly be compromised.

Sp1d3rHunters is demanding a ransom of $2 million to keep from releasing the rest of the concert tickets it holds. The hackers claim that Ticketmaster has offered $1 million, but the company has not confirmed it is in negotiations.

Recent Posts

How can we help?

14 + 12 =

× How can I help you?