Ticketmaster Extortion Continues, Threat Actor Claims New Ticket Leak

Written by

A threat actor continued their extortion campaign against Ticketmaster on Monday by claiming to leak over 30,000 print-at-home tickets stolen from the vendor.

“Sp1d3rHunters” advertised the data dump on an underground forum yesterday, alongside a four-step guide for users to make their own printable barcode tickets. They claimed to have tickets for gigs by Stevie Nicks, Pearl Jam, Foo Fighters, Red Hot Chili Peppers, and many more artists.

The threat actor warned Ticketmaster: “You now have to reset 30K more tickets. Pay us $2m or we will leak the mail and e-ticket barcodes for all your events.”

The leak came just days after the same actor leaked 170,000 tickets to Taylor Swift’s much-hyped Eras Tour.

The ticketing giant had responded to that effort by claiming its own SafeTix technology automatically refreshes the barcodes on these digital tickets, rendering efforts to clone and sell them useless.

Sp1d3rHunters hit back with its latest posting.

"Ticketmaster lies to the public and says barcodes cannot be used. Tickets database includes both online and physical ticket types," it claimed. "Physical ticket types are Ticketfast, e-ticket, and mail. These are printed and cannot be automatically refreshed."

The breach itself appears to be traced back to a compromise of Ticketmaster’s Snowflake account, which led to the exposure of data on an estimated 560 million customers.

According to Mandiant, which is investigating the attack, around 165 Snowflake clients had accounts hijacked during that campaign, with threat group ShinyHunters obtaining logins from info-stealer malware and logs.

The incidents led to renewed calls for organizations to follow best practice login security, and ensure they have multi-factor authentication (MFA) switched on for any sensitive online accounts.

The threat actors have apparently also tried to extort other corporate victims of the same campaign, including Neiman Marcus, Santander and the Los Angeles Unified School District.

Read more on Snowfkake breach: Threat Actor Breaches Snowflake Customers, Victims Extorted.

What’s hot on Infosecurity Magazine?