Since May 28, 2024, the Australian authorities and the FBI have been tackling an investigation of the utmost importance. Was the event ticket sales platform Ticketmaster really hacked? Following a claim from the hacker group ShinyHunters via a forum, the Australian government is facing an unprecedented crisis to ensure the seriousness of the matter. According to the hackers’ statement – first spotted and shared by HackRead and CyberDaily.au – a computer flaw allowed them to to access the personal information of 560 million users. The result would be a huge file of 1.3 tera of compromising data, which ShinyHunters is offering for sale for “only” $500,000. What are the concrete risks of this leak for Ticketmaster users?
No information is spared
In its claim post, the hacker group indicates that the compromised data includes all the personal information of users of the platform, namely:
- Name, first name, address, email address and telephone number
- Transaction history
- Event Details
- Order details (suggesting access to e-tickets)
- Banking information (last 4 registered card numbers and expiration date)
- User Account Fraud Details
This leak would also contain “much more information” that the group did not wish to reveal to the public. If the Ticketmaster hack is ultimately proven, it would be one of the most dangerous data thefts in history. Given the quantity of profiles affected and the information extracted, the possible buyer of the file as well as the ShinyHunters group will have the possibility of commit identity theft and financial fraud, or even more easily organize other cyberattacks.
Where is the investigation?
For now, the FBI continues its efforts to shut down BreachForums to prevent the sale of the alleged data. The dark web platform specializing in stolen information was shut down in March 2023, but has just reappeared following this new leak. Worse still, the site is now accessible from classic browsers. However, some experts are calling for calm while waiting for progress in the case. “If Ticketmaster has suffered a breach of this magnitude, it is important that it notifies its customers, but it should also be considered that criminal hackers sometimes make false or exaggerated claims about data breaches. People should therefore not be overly concerned until information theft is confirmed.” declares researcher Kevin Beaumont at the BBC.
In the past, ShinyHunters managed to recover the personal information of 70 million customers of the American operator AT&T, as well as data from 200,000 Australian Pizza Hut accounts. Nothing compares with the 560 million Ticketmaster profiles that the pirate group puts forward today. The possibility of a false declaration to boost the return of BreachForums is therefore not improbable. From now on, only time will tell us if we are really experiencing one of the most dramatic episodes in the history of computer hacking. To be continued.
-
-
