Hackers Leak Alleged Taylor Swift Tickets, Amp Up Ticketmaster Extortion
Update: Ticketmaster statement added below.
Hackers have leaked what they claim is Ticketmaster barcode data for 166,000 Taylor Swift Eras Tour tickets, warning that more events would be leaked if a $2 million extortion demand is not paid.
In May, a well-known threat actor named ShinyHunters began selling data on 560 million Ticketmaster customers for $500,000.
Ticketmaster later confirmed the data breach, which they ultimately stated was from their account on Snowflake, a cloud-based data warehousing company used by the enterprise to store databases, process data, and perform analytics.
In April, threat actors began downloading Snowflake databases of at least 165 organizations using credentials stolen by information-stealing malware.
The threat actors then blackmailed the companies, demanding payment to prevent the data from being leaked or sold to other threat actors. Companies confirmed to have had data stolen from their Snowflake accounts include Neiman Marcus, Los Angeles Unified School District, Advance Auto Parts, Pure Storage, and Santander.
Today, a threat actor known as Sp1d3rHunters has leaked what they claim is the ticket data for 166,000 Taylor Swift Eras Tour barcodes used to gain entry on various concert dates.
Sp1d3rHunters, previously named Sp1d3r, is the threat actor behind the sale of data stolen from Snowflake accounts, publicly extorting the various companies for payments.
"Pay us $2million USD or we leak all 680M of your users information and 30million more event barcodes including: more Taylor Swift events, P!Nk, Sting, Sporting events F1 Formula Racing, MLB, NFL and thousands more events," reads the extortion demand first shared by threat intel service HackManac.
The post claims the barcode data is for upcoming Taylor Swift concerts in Miami, New Orleans, and Indianapolis.
The post includes a small sample of the alleged barcode data, which contains the value used to create a scannable barcode, seat information, the face value of tickets, and other information. The threat actor further shared details on how to turn this data into a scannable barcode.
While the barcode data was not part of the initial leak of stolen Ticketmaster data samples released by the threat actors in May, some of the newly leaked data can be found in the older leaks, including the hashed credit card and sales order information for the tickets.
The group behind these attacks is ShinyHunters, which has been responsible for many data breaches over the years. These include leaking the data for 386 million user records from 18 companies in 2020, an AT&T breach impacting 70 million customers, and, most recently, the leaking of 33 million phone numbers used with the Authy multi-factor authentication app.
Update 7/5/24 3:44 PM ET: Ticketmaster told BleepingComputer that unique barcodes are updated every few seconds, so the stolen tickets cannot be used.
"Ticketmaster's SafeTix technology protects tickets by automatically refreshing a new and unique barcode every few seconds so it cannot be stolen or copied," Ticketmaster told BleepingComputer.
"This is just one of many fraud protections we implement to keep tickets safe and secure."
Ticketmaster also confirmed that they did not engage in any ransom negotiations with the threat actors, disputing ShinyHunters' claims that they were offered $1 million to delete the data.
Security News This Week: Hackers Leaking Taylor Swift Tickets? Don't Get Your Hopes Up
Proton, the company behind Proton Mail, launched an end-to-end encrypted alternative to Google Docs, seeking to compete with the cloud giant on privacy. We broke down how Apple is taking a similar approach with its implementation of AI, using a system it calls Private Cloud Compute in its new Apple Intelligence features.
In other news, we dug into how the US bans on TikTok and Kaspersky software, despite their national security justifications, pose a threat to internet freedom. We went inside a crash course for US diplomats on cybersecurity, privacy, surveillance, and other digital threats. And we published an in-depth investigation into the origins of the world's most popular 3D-printed gun, which revealed that its creator was a self-described "incel" with fantasies of right-wing terror.
But that's not all. Each week, we round up the security news we didn't cover in depth ourselves. Click the headlines to read the full stories, and stay safe out there.
The giant hack against Ticketmaster may have taken another twist. In June, criminal hackers claimed they had stolen 560 million people's information from the ticketing company owned by Live Nation. The company has since confirmed a breach, saying its information was taken from its Snowflake account. (More than 165 Snowflake customers were impacted by attacks on the cloud storage company that exploited a lack of multi-factor authentication and stolen login details.)
Now in a post on cybercrime marketplace BreachForums, a hacker going by the name of Sp1d3rHunters is threatening to publish more data from Ticketmaster. The account claims to be sharing 170,000 ticket barcodes for upcoming Taylor Swift gigs in the US during October and November. The hacker demanded Ticketmaster "pay us $2million USD" or it will leak "680 million" users' information and publish millions more event barcodes, including for concerts by artists such as Pink and Sting, and sporting events such as NFL games and F1 races.
The claims appear to be dubious, however, as Ticketmaster's barcodes aren't static, according to the company. "Ticketmaster's SafeTix technology protects tickets by automatically refreshing a new and unique barcode every few seconds so it cannot be stolen or copied," a Ticketmaster spokesperson tells WIRED in a statement. The spokesperson adds that the company has not paid any ransom or engaged with the hackers' demands.
Hacker groups are known to lie, exaggerate, and overinflate their claims as they try to get victims to pay. The 680 million customers that Sp1d3rHunters claimed to have data on is higher than the original figure provided when the Ticketmaster breach was first claimed, and neither number has been confirmed. Even if victims do decide to pay, hackers can still keep the data and try to extort companies for a second time.
Despite the breach at Ticketmaster originally being publicized in June, the company has only recently begun emailing customers alerting them to the incident, which happened between April 2 and May 18 this year. The company says the database accessed may include emails, phone numbers, encrypted credit card information, and other personal information.
In recent years, there's been a sharp uptick in cybercriminals deploying infostealers. This malware can grab all of the login and financial details that someone enters on their machine, which hackers then sell to others who want to exploit the information.
Cybersecurity researchers at Recorded Future have now published proof-of-concept findings showing these stolen login details can be used to potentially track down people visiting dark-web child sexual abuse material (CSAM) sites. Within infostealer logs, the researchers say they were able to find thousands of login details for known CSAM websites, which they could then cross-reference with other details and identify the potential real-world names connected to the abusive website logins. The researchers reported details of individuals to law enforcement.
Ticketmaster Says Taylor Swift Eras Tour Tickets Are Safe After Data Breach
Ticketmaster is seeking to assure Taylor Swift Eras Tour ticket holders in three cities, including New Orleans, that their tickets are secure after a hacker group claimed on Friday to have leaked barcodes for 166,000 tickets.
The hacker group, known as "Sp1d3rHunters," made the claim in an online forum for buying and selling stolen data. The group provided instructions for downloading allegedly stolen barcodes, including for 40,000 tickets to three October concerts at Caesars Superdome in New Orleans.
Ticketmaster acknowledged in May that its user data had been stolen from a third-party database provider. But it moved quickly Friday to refute claims that barcodes had been leaked, calling that an impossible feat.
"Ticketmaster's SafeTix technology protects tickets by automatically refreshing a new and unique barcode every few seconds so it cannot be stolen or copied. This is just one of many fraud protections we implement to keep tickets safe and secure," the company said in a statement.
Also, the hacker group seems to have mixed up the tour dates by offering stolen tickets for three New Orleans concerts from Oct. 26-28. Swift is scheduled to play here from Oct. 25-27. The group also offered stolen tickets for concerts in Indianapolis and Miami.
The hacker group's post on Friday threatened to leak an additional 30 million bar codes, along with user data, and demanded a $2 million ransom.
In May, Ticketmaster acknowledged a breach after a group with a similar but different name claimed to have stolen identification and contact information for 560 million Ticketmaster customers.