- author, Ruth Comerford
- stock, BBC News
-
A group of hackers say they stole the personal details of 560 million Ticketmaster customers.
ShinyHunters, the group claiming responsibility, says the stolen data included the names, addresses, phone numbers and partial credit card details of Ticketmaster users around the world.
The hacking group is reportedly demanding a $500,000 (£400,000) ransom to prevent the data from being sold to other parties.
The Australian government says it is working with Ticketmaster to resolve the issue. The FBI has also offered to help, a spokeswoman for the US embassy in Canberra told Agence France-Presse.
“The Australian Government is aware of a cyber incident affecting Ticketmaster,” a spokesperson for the Australian Department of Home Affairs said in a statement to the BBC’s media partner CBS News.
“The National Office for Cyber Security is engaging with Ticketmaster to understand this incident.”
American website Ticketmaster, one of the world’s largest online ticketing platforms, has yet to confirm whether it has suffered a security breach.
Cybersecurity experts warn the claims may be false, but authorities in Australia, where it was first reported, have confirmed they are investigating.
An ad with some samples of data allegedly obtained in the breach has been posted on the newly relaunched hacking forum BreachForums.
ShinyHunters has been linked to high-profile data breaches that have resulted in millions of dollars in losses for the companies involved.
In 2021, the group sold the real database of stolen information from 70 million customers of the American telecommunications company AT&T.
In September last year, the data of nearly 200,000 Pizza Hut customers in Australia was breached.
This latest hack coincides with the relaunch of BreachForums, a dark web site where other hackers can buy and sell stolen goods and information about hacks taking place.
The FBI seized the domain in March 2023, arresting its administrator Conor Brian Fitzpatrick, but it has since resurfaced, according to tech media.
Users of forums often raise the level of their hacking to get attention from other hackers.
They are often large stolen databases that appear first but contain false accusations and claims.
“If Ticketmaster has a breach of this magnitude, it’s important that they notify their customers, but sometimes criminal hackers make false or inflated claims about data breaches – so people don’t worry too much until the breach is confirmed.” Security analyst Kevin Beaumont says:
People reporting large amounts of data in the past have proven to be copies of previous hacks rather than newly stolen information.
But if verified, the hack could be a more significant breach in terms of numbers and the amount of data stolen.
This is not the first time Ticketmaster has been hit by security issues.
In 2020, it admitted to hacking one of its competitors and agreed to pay a $10 million fine.
In November, Taylor Swift had trouble selling tickets for her Era tour.
Earlier this month, US regulators filed a lawsuit against Live Nation, Ticketmaster’s parent company, accusing the entertainment giant of using illegal tactics to maintain a monopoly in the live music industry.
The Justice Department’s lawsuit alleges the company’s practices alienated competitors, and led to higher ticket prices and poor customer service.
BBC Live Nation has been contacted for comment.