Gig giant Live Nation acknowledges mega data breach at Ticketmaster, compromising customer information
In a significant cybersecurity incident, Ticketmaster and its parent company Live Nation have suffered a data breach that compromised the personal and financial information of over 560 million customers. The breach was disclosed while multiple enterprises were dealing with the fallout of an attack spree targeting Snowflake's customers.
The Third-Party Connection
The 2024 Ticketmaster data breach involved a third-party cloud data warehouse environment operated by Snowflake. Hackers exploited security vulnerabilities in Snowflake to access customer data from over 165 organizations, including Ticketmaster. This breach is linked to the cybercrime group ShinyHunters, which also took credit for the incident.
The Attack Method
The attackers used social engineering tactics to gain access. Specifically, the breach associated with Ticketmaster and similarly targeted organizations involved impersonation and phishing attacks aimed at employees, tricking them into providing access credentials or using compromised tools.
The Compromised Data
The amount and type of compromised data from the Ticketmaster breach were substantial. Initial exposure included call and text metadata related to nearly 110 million AT&T customers as part of the broader Snowflake attack, which also included Ticketmaster data due to the shared vulnerability. The stolen data contained personally identifiable information (PII) such as full names, dates of birth, phone numbers, email addresses, physical addresses, Social Security Numbers (in some consolidated datasets), and call and interaction metadata.
The Aftermath
Live Nation's remediation efforts are ongoing. The intrusion was detected by Live Nation on May 20 in a third-party cloud database environment. Live Nation is working to mitigate the risk to users and the company, and has notified law enforcement, regulatory authorities, and affected users. On May 27, a criminal threat actor offered compromised Ticketmaster user data for sale via the dark web.
The Cybersecurity and Infrastructure Security Agency has referred all inquiries back to Ticketmaster. A civil antitrust lawsuit, filed by the Justice Department along with 30 state and district attorneys general, accuses Live Nation and Ticketmaster of monopolization and other unlawful conduct that thwarts competition in markets across the live entertainment industry.
Ticketmaster's corporate owner, Live Nation Entertainment, announced a potential data breach in a filing with the Securities and Exchange Commission on Friday. However, the details of the third-party vendor, the method of attack, the type and amount of data stolen, and whether the breach has been contained remain unknown.
The live concert giant first identified the unauthorized activity three days before the Justice Department filed a civil antitrust lawsuit against Live Nation and Ticketmaster. BreachForums, where the data was initially posted, returned online earlier this month after indicating it was taken down by the FBI and international law enforcement agencies.
Key Points
- The Ticketmaster data breach involved a third-party cloud data warehouse environment operated by Snowflake.
- Hackers exploited security vulnerabilities in Snowflake to access customer data from over 165 organizations, including Ticketmaster.
- The stolen data contained personally identifiable information (PII) such as full names, dates of birth, phone numbers, email addresses, physical addresses, Social Security Numbers, and call and interaction metadata.
- Live Nation's remediation efforts are ongoing. The intrusion was detected by Live Nation on May 20 in a third-party cloud database environment.
- Live Nation is working to mitigate the risk to users and the company, and has notified law enforcement, regulatory authorities, and affected users.
- On May 27, a criminal threat actor offered compromised Ticketmaster user data for sale via the dark web.
- The Cybersecurity and Infrastructure Security Agency has referred all inquiries back to Ticketmaster.
- A civil antitrust lawsuit, filed by the Justice Department along with 30 state and district attorneys general, accuses Live Nation and Ticketmaster of monopolization and other unlawful conduct that thwarts competition in markets across the live entertainment industry.
- Ticketmaster's corporate owner, Live Nation Entertainment, announced a potential data breach in a filing with the Securities and Exchange Commission on Friday.
- The details of the third-party vendor, the method of attack, the type and amount of data stolen, and whether the breach has been contained remain unknown.
- The live concert giant first identified the unauthorized activity three days before the Justice Department filed a civil antitrust lawsuit against Live Nation and Ticketmaster.
- BreachForums, where the data was initially posted, returned online earlier this month after indicating it was taken down by the FBI and international law enforcement agencies.
- The Ticketmaster data breach, a significant incident in cybersecurity, was linked to a third-party cloud data warehouse environment operated by Snowflake, which was exploited by hackers to gain access to customer data.
- The stolen data, encompassing personally identifiable information (PII) such as full names, dates of birth, phone numbers, email addresses, physical addresses, Social Security Numbers, and call and interaction metadata, was substantial.
- The breach, part of a spree targeting Snowflake's customers, is associated with the cybercrime group ShinyHunters and involved social engineering tactics like impersonation and phishing attacks.
- Amidst this data breach fallout, Ticketmaster and its parent company Live Nation face a legal challenge in the form of a lawsuit filed by the Justice Department and multiple state attorneys general, accusing them of monopolization and other unlawful conduct that obstructs competition in the live entertainment industry.