Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Ticketmaster. Show all posts
Ticketmaster
Consumer Data malware Ransomware Taylor Swift Ticketmaster

Inside the Ticketmaster Hack: 440,000 Taylor Swift Fans at Risk

Inside the Ticketmaster Hack: 440,000 Taylor Swift Fans at Risk

In May, the hacking group ShinyHunters claimed to have gotten personal information from more than 500 million Ticketmaster users and was selling the data on the dark web, and the business has now admitted that consumer data may have been "exposed." 

The breach, initially believed to be limited in scope, has now escalated, affecting millions of ticket holders, including fans attending Taylor Swift’s Eras Tour. Let’s delve into the details of this high-stakes cybercrime.

Ticketmaster Data Breach: What You Need to Know

In an email sent to affected customers, Ticketmaster said that they had discovered "unauthorised activity" in a third-party cloud database, and that personal data of "some customers" who purchased tickets to events in North America (the United States, Canada, and/or Mexico) could have been compromised.

Ticketmaster confirmed that unauthorized access occurred, leading to the compromise of sensitive customer data. The hackers gained access to 193 million ticket barcodes, valued at an astonishing $22.6 billion. Among these, 440,000 tickets belong to Taylor Swift’s ongoing tour, leaving fans anxious and concerned.

The Ransom Demand

ShinyHunters, known for their audacity, demanded an $8 million ransom for the safe return of the stolen data. The group threatened to leak the ticket barcodes if their demands were not met promptly. Ticketmaster faced a dilemma: pay the ransom or risk exposing millions of customers’ personal information.

The American Ticket Sales and Distribution Company shared, "Ticketmaster’s SafeTix technology protects tickets by automatically refreshing a new and unique barcode every few seconds so it cannot be stolen or copied. This is just one of many fraud protections we implement to keep tickets safe and secure."

"Some outlets are inaccurately reporting about a ransom offer. We were never engaged for a ransom and did not offer them money," Ticketmaster confirmed. 

Potential Implications

1. Privacy Concerns

Customers trust platforms like Ticketmaster with their personal details, including names, addresses, and payment information. The breach jeopardizes this trust and raises questions about data security practices within the industry.

2. Financial Impact

Ticketmaster faces a double bind: pay the ransom and potentially encourage further attacks, or refuse and risk public outrage. The financial implications extend beyond the ransom amount. Legal fees, compensation to affected customers, and damage control efforts will strain the company’s resources.

3. Reputation Damage

Ticketmaster’s reputation hangs in the balance. Swift action is crucial to mitigate reputational harm. Customers may think twice before purchasing tickets through the platform, affecting future sales and partnerships.

Some Key Takeaways

  • Third-Party Risk: Organizations must carefully assess the security practices of third-party vendors who handle sensitive data.
  • Encryption Matters: While Ticketmaster’s payment card information was encrypted, it’s crucial to ensure strong encryption methods are in place.
  • Prompt Communication: Ticketmaster’s quick response in notifying affected customers demonstrates the value of timely communication during a breach.

Read more »
Ticketmaster
cloud storage Cyber Attacks Data Security Breach Google Mandiant Hacker attack ShinyHunters Ticketmaster

Hackers Exploit Snowflake Data, Targeting Major Firms

 

Hackers who stole terabytes of data from Ticketmaster and other customers of the cloud storage firm Snowflake claim they gained access to some Snowflake accounts by breaching a Belarusian-founded contractor working with those customers. Approximately 165 customer accounts were potentially affected in this hacking campaign targeting Snowflake’s clients, with a few identified so far. 

It was a Snowflake account, with stolen data including bank details for 30 million customers and other sensitive information. Lending Tree and Advance Auto Parts might also be victims. Snowflake has not detailed how the hackers accessed the accounts, only noting that its network was not directly breached. Google-owned security firm Mandiant, involved in investigating the breaches, revealed that hackers sometimes gained access through third-party contractors but did not name these contractors or explain how this facilitated the breaches. 

A hacker from the group ShinyHunters said they used data from an EPAM Systems employee to access some Snowflake accounts. EPAM, a software engineering firm founded by Belarus-born Arkadiy Dobkin, denies involvement, suggesting the hacker’s claims were fabricated. ShinyHunters has been active since 2020, responsible for multiple data breaches involving the theft and sale of large data troves. EPAM assists customers with using Snowflake's data analytics tools. The hacker said an EPAM employee’s computer in Ukraine was infected with info-stealer malware, allowing them to install a remote-access Trojan and access the employee’s system. 

They found unencrypted usernames and passwords stored in a project management tool called Jira, which were used to access and manage Snowflake accounts, including Ticketmaster’s. The lack of multifactor authentication (MFA) on these accounts facilitated the breaches. Although EPAM denies involvement, hackers did steal data from Snowflake accounts, including Ticketmaster's, and demanded large sums to destroy the data or threatened to sell it. The hacker claimed they directly accessed some Snowflake accounts using the stolen credentials from EPAM’s employee. The incident underscores the growing security risks from third-party contractors and the importance of advanced security measures like MFA. 

Mandiant noted that many credentials used in the breaches were harvested by infostealer malware from previous cyber incidents. Snowflake’s CISO, Brad Jones, acknowledged the breaches were enabled by the lack of MFA and mentioned plans to mandate MFA for Snowflake accounts. This incident highlights the need for robust cybersecurity practices and vigilance, particularly when dealing with third-party contractors, to safeguard sensitive data and prevent similar breaches in the future.
Read more »
Ticketmaster
CISO cyber threat Data Breach MFA Santander ShinyHunters Ticketmaster

Ticketmaster and Santander Breaches Expose Cloud Security Flaws


Recent data breaches at Ticketmaster and Santander Bank have exposed major security vulnerabilities in the use of third-party cloud storage services. These breaches highlight the urgent need for robust security measures as more organisations move their data to the cloud.

On May 20, Ticketmaster experienced a data breach involving a third-party cloud storage provider. The breach, disclosed in a regulatory filing by its parent company Live Nation Entertainment, compromised the data of approximately 550 million customers. This stolen data, including sensitive personal information, was reportedly put up for sale on a Dark Web forum by a group known as "ShinyHunters."

Just a week earlier, on May 14, Santander Bank revealed a similar breach. Unauthorised access to a cloud-hosted database exposed data belonging to customers and employees, primarily affecting those in Spain, Chile, and Uruguay. ShinyHunters also claimed responsibility for this breach, offering the stolen data—which includes 30 million customer records, 28 million credit card numbers, and other sensitive information—for sale at $2 million.

Both breaches have been linked to Snowflake, a renowned cloud storage provider serving numerous high-profile clients like MasterCard, Disney, and JetBlue. Although Snowflake acknowledged recent malicious activities targeting its customers, an investigation by Mandiant and CrowdStrike found no evidence of a vulnerability or breach within Snowflake’s own platform. The attackers apparently exploited single-factor authentication credentials obtained through infostealer malware, highlighting the importance of robust authentication measures.

David Bradbury, Chief Security Officer at Okta, stressed the importance of implementing multi factor authentication (MFA) and network IP restrictions for securing SaaS applications. However, he pointed out that attackers are increasingly bypassing MFA by targeting post-authentication processes, such as stealing session tokens. This highlights the need for additional security mechanisms like session token binding.

Michael Lyborg, CISO at Swimlane, emphasised the shared responsibility model in cloud security. While cloud providers like Snowflake offer best practices and security guidelines, it is ultimately up to customers to follow these protocols to protect their data. Lyborg suggested that enforcing MFA and adopting a zero-trust security model by default could enhance data protection by a notable measure.


Challenges in Enforcing Security Standards

Patrick Tiquet, VP of Security and Architecture at Keeper Security, argued that while uniform security measures might enhance protection, they could also limit the flexibility and customization that customers seek from cloud services. He noted that some organizations might have their own robust security protocols tailored to their specific needs. However, the recent breaches at Ticketmaster and Santander highlight the dangers of relying solely on internal security measures without adhering to industry best practices.

The breaches at Ticketmaster and Santander serve as critical reminders of the risks associated with inadequate cloud security measures. As organisations increasingly transition to cloud-based operations, both cloud providers and their customers must prioritise robust security strategies. This includes implementing strong authentication protocols, adhering to best practices, and fostering a culture of security awareness. Ensuring comprehensive protection against cyber threats is essential to safeguarding sensitive data in the digital age.


Read more »
User Data Leak
Data Breach Financial Credentials phishing ShinyHunters Ticketmaster User Data Leak

Ticketmaster Data Breach Affects Over 500 Million Customers


 


We are all music fans at heart, and recently the most eye-catching tour is the three-hour Taylor Swift concert. The platform that sells tickets for these in-demand tours, Ticketmaster, has taken a hit. In a substantial blow to one of the world’s largest ticketing services, Ticketmaster has reportedly suffered a massive data breach impacting over half a billion customers. According to Mashable, the hacker group known as ShinyHunters claims responsibility for stealing customer data from nearly 560 million users. Although Ticketmaster has yet to confirm the breach, ShinyHunters has a history of high-profile hacks and is now selling the stolen data on a popular hacking forum for $500,000.


Details of the Stolen Data

ShinyHunters alleges they have obtained a substantial 1.3 terabytes of data, including sensitive information such as full names, addresses, and phone numbers. Additionally, the breach encompasses detailed order histories, which reveal ticket purchase details and event information. Alarmingly, partial payment information, including names, the last four digits, and expiration dates of credit cards, is also among the compromised data.


While waiting for Ticketmaster's official response, it is crucial for affected customers to take proactive steps to protect themselves. The stolen data could be used for targeted phishing attacks, making it essential to remain vigilant when checking emails, messages, or mail. Cybercriminals may impersonate reputable companies to trick individuals into revealing passwords or financial information.


To mitigate risks, users should avoid clicking on links or downloading attachments from unknown senders and always verify the legitimacy of the sender’s email address. Implementing robust cybersecurity measures, such as using the best antivirus software for PCs, Macs, and Android devices, can provide additional protection against potential malware infections.


Steps to Take Following a Data Breach

In the wake of a data breach, companies typically offer guidance and access to identity theft protection services. However, Ticketmaster has not yet confirmed the breach or announced any support for affected customers. Until more information is available, individuals should monitor their accounts for suspicious activity and consider changing passwords for any online accounts associated with the compromised email addresses.


Given ShinyHunters' notorious track record, including the 2021 leak of 70 million AT&T subscribers’ information, the claims warrant serious attention.


This incident surfaces the importance of cybersecurity and the potential vulnerabilities even large companies face. As the situation develops, staying informed and cautious will be key for those potentially affected by this breach. We will continue to provide updates as more information becomes available from Ticketmaster and other reliable sources.



Read more »
UK
Cyber Security Federal Security Service Ticketmaster UK

Ticketmaster Fined $10 Million by Department of Justice for Unlawful Business

Ticketmaster had to pay €7.3 Million ($10M) fine compensation for intervening in a rival company's computer systems, says the US Department of Justice. Ticketmaster agreed to pay a fine amount after it faced allegations by the US DoJ that the company gained unlawful access into rival company's systems to obtain information about its business. According to DoJ, the US ticket sales and distribution company illegally used retained passwords of a former employee of a rival company to access their computer systems. Ticketmaster had done this as a scheme to wipe out the competitor's business. Responding to the action, Ticketmaster has said that it feels good now that the issue is resolved.


The DoJ in the released statement said that the unlawful activity happened in 2017. The scheme involved 2 company employees, both now dismissed. According to Ticketmaster, the employees' actions violated their company policies and conflicted with their organizational values. Federal officers alleged Ticketmaster of computer intrusion, wire fraud, and other illegal activities dating back to 2013. The federals have agreed to remove charges in 3 years if the company doesn't make any trouble as per the federal prosecution deal. The inquiry emphasized the company's (Ticketmaster) attempts to obtain information, specifically related to concert pre-sale tickets, says the court statements. 

The rival is a UK based company with headquarters in Brooklyn, New York, but the information in legal documents suggest it was Songkick. Songkick holds expertise in offerings performance artists digital widgets called "artist's toolbox," which allowed Songkick to pre-sell tickets to their events on its online websites separately from ticket blocks which were available to Ticketmaster, a company owned by Live Nation Entertainment Inc. 

Live Nation and Ticketmaster unlawfully took a former worker rival company to get details about its business operations, client details, and marketing plans. The employee gave Ticketmaster the login credentials of his former company, which Ticketmaster used several times to gain access to computer systems and get information about Songkick's pricing to develop their own competing platform. 

Bloomberg reports, "songkick sued Live Nation and Ticketmaster in Los Angeles federal court and reached a $110 million settlement in 2018 that included the sale of its ticketing assets to Live Nation. Other Songkick assets had been sold earlier to Warner Music Group."
Read more »
Subscribe to: Posts (Atom)