Ticketmaster and Live Nation Data Breaches: Over 560 Million Customers Affected, ShinyHunters Suspected

New York, New York United States of America
Criminal threat actor offered user data for sale on the dark web for $500,000
Impacted companies include major brands such as AT&T, HP, Instacart, DoorDash, NBCUniversal, and Mastercard
Names, addresses, phone numbers, and partial payment details accessed
Over 560 million customers affected
Ransom demand to prevent selling the data
ShinyHunters group known for selling stolen data on the dark web; this incident marks one of their largest breaches yet
ShinyHunters suspected of gaining unauthorized access through a third-party cloud database environment with Snowflake
Snowflake observed increased threat activity from a subset of IP addresses and suspicious clients believed to be related to unauthorized access since mid-April 2024
Ticketmaster and Live Nation data breaches
Ticketmaster confirmed unauthorized activity on May 20, 2024, launched investigation with industry-leading forensic investigators

In a series of shocking developments, Ticketmaster and Live Nation have been hit by data breaches that may have affected over 560 million customers. According to multiple reports, hackers gained access to personal information including names, addresses, phone numbers, and partial payment details of Ticketmaster users through a third-party cloud database environment with Snowflake. The ShinyHunters hacking group is believed to be responsible for the breaches and has demanded a ransom payment to prevent selling the data.

Ticketmaster confirmed unauthorized activity within its subsidiary on May 20, 2024, and launched an investigation with industry-leading forensic investigators. On May 27, a criminal threat actor offered the company's user data for sale via the dark web. Live Nation is cooperating with law enforcement and regulatory authorities as appropriate.

Santander Bank also confirmed that certain customer information in Chile, Spain, and Uruguay had been accessed in a separate incident. The bank did not specify whether this was related to the Ticketmaster breach or another attack.

The hackers have reportedly put the data up for sale on the dark web for $500,000. Snowflake observed increased threat activity from a subset of IP addresses and suspicious clients believed to be related to unauthorized access starting mid-April 2024. A demo account belonging to a former employee was accessed but did not contain sensitive information according to Snowflake.

The ShinyHunters group is known for selling stolen data on the dark web, and this incident marks one of their largest breaches yet. The impacted companies include major brands such as AT&T, HP, Instacart, DoorDash, NBCUniversal, and Mastercard. It is essential to note that these allegations are still under investigation.

Live Nation's parent company has been under scrutiny in recent weeks due to a lawsuit filed by the US government and dozens of states alleging that Ticketmaster abused its industry dominance to harm fans nationwide. The breaches add fuel to the controversy surrounding the ticketing giant.



Confidence

90%

Doubts
  • It's unclear if Santander Bank's incident is related to the Ticketmaster breach or another attack.
  • The investigation is still ongoing and the full extent of the breaches may not yet be known.

Sources

95%

  • Unique Points
    • Live Nation confirmed unauthorized activity within a third-party cloud database environment containing Company data primarily from its Ticketmaster LLC subsidiary
    • Hackers have accessed the names, addresses, phone numbers, and partial payment details of approximately 560 million Ticketmaster customers
    • ShinyHunters hacking group is responsible for the attack and is demanding a ransom payment to prevent selling the data
  • Accuracy
    • Ticketmaster data was put up for sale on the dark web for $500,000 by ShinyHunters.
    • Santander confirmed that certain customer information in Chile, Spain and Uruguay had been accessed.
  • Deception (100%)
    None Found At Time Of Publication
  • Fallacies (85%)
    The article contains an example of a dichotomous depiction and an appeal to authority. The dichotomous depiction is presented in the line 'The ShinyHunters hacking group is reportedly demanding about £400,000 in a ransom payment to prevent the data being sold.', which presents the situation as a simple choice between paying the ransom or having the data sold. The appeal to authority is found in 'In a filing to the US Securities and Exchange Commission on Friday, Live Nation said:', where statements made by Live Nation are treated as authoritative without questioning their validity.
    • The ShinyHunters hacking group is reportedly demanding about £400,000 in a ransom payment to prevent the data being sold.
    • In a filing to the US Securities and Exchange Commission on Friday, Live Nation said:
  • Bias (100%)
    None Found At Time Of Publication
  • Site Conflicts Of Interest (100%)
    None Found At Time Of Publication
  • Author Conflicts Of Interest (100%)
    None Found At Time Of Publication

93%

  • Unique Points
    • A data breach potentially affecting up to 560 million Ticketmaster accounts and a confirmed one for Santander Bank may have stemmed from attacks on the cloud storage accounts with Snowflake.
    • Hudson Rock reports that a bad actor gained access to Ticketmaster and Santander by using the stolen credentials of a single Snowflake employee.
    • The hacker bypassed the authentication service Okta using these credentials and then generated session tokens to obtain information from Snowflake.
    • Snowflake customers potentially affected include AT&T, HP, Instacart, DoorDash, NBCUniversal, and Mastercard.
    • ShinyHunters is the hacking group believed to be responsible for the breaches.
    • Ticketmaster data was put up for sale on the dark web for $500,000 by ShinyHunters.
    • Snowflake observed increased threat activity from a subset of IP addresses and suspicious clients believed to be related to unauthorized access starting mid-April 2024.
    • A demo account belonging to a former employee was accessed but did not contain sensitive information according to Snowflake.
    • Malware tracker vx-underground asserts with a high degree of confidence that the leaked data is legitimate and includes full names, emails, addresses, phone numbers, hashed credit card numbers and more.
    • Santander confirmed that certain customer information in Chile, Spain and Uruguay had been accessed.
  • Accuracy
    No Contradictions at Time Of Publication
  • Deception (80%)
    The article reports on a data breach affecting Ticketmaster and Santander, and mentions that the attacker gained access to these companies through Snowflake's cloud storage. The author does not make any editorializing or pontificating statements. However, there are instances of selective reporting as the article only reports details that support the assertion that Snowflake was breached and did not mention any potential vulnerabilities within Ticketmaster or Santander's systems. Additionally, there is a lack of disclosure regarding the sources for some information in the article.
    • Earlier this month, Santander published a statement to confirm that ‘certain information’ of customers in Chile, Spain, and Uruguay had been accessed.
    • Snowflake has seemingly disputed Hudson Rock’s findings in its most recent response, saying that while investigating ‘potentially unauthorized access to certain customer accounts,’ it observed increased threat activity beginning mid-April 2024 from a subset of IP addresses and suspicious clients it believes are related to unauthorized access.
    • According to Hudson Rock, a bad actor gained access to Ticketmaster and Santander by using the stolen credentials of a single Snowflake employee.
  • Fallacies (85%)
    The article contains a few informal fallacies and an example of inflammatory rhetoric. It also uses direct quotes from the subject of the article, which is not considered a fallacy but goes against the analysis rules.
    • In addition to Ticketmaster — which publicly acknowledged the breach later on Friday evening — and Santander Bank, Hudson Rock suggests the hacker may have gained access to hundreds of other Snowflake customers. A few of the major brands that use the cloud storage service include AT&T, HP, Instacart, DoorDash, NBCUniversal, and Mastercard.
  • Bias (100%)
    None Found At Time Of Publication
  • Site Conflicts Of Interest (100%)
    None Found At Time Of Publication
  • Author Conflicts Of Interest (100%)
    None Found At Time Of Publication

92%

  • Unique Points
    • A hacker is offering alleged Ticketmaster user data for sale on the dark web (unique to this article)
    • Unauthorized activity was identified by Live Nation on May 20
    • Live Nation launched an investigation with forensic experts into the potential hack
    • The data went up for sale on May 27
  • Accuracy
    • A hacker is offering alleged Ticketmaster user data for sale on the dark web
    • Live Nation does not believe the hack has had any financial or business operation impact yet
  • Deception (100%)
    None Found At Time Of Publication
  • Fallacies (85%)
    The article reports on a hacking incident involving Ticketmaster and its parent company Live Nation. It mentions the unauthorized activity and ongoing investigation. However, it does not commit any formal or informal fallacies nor use inflammatory rhetoric or appeals to authority. There is a dichotomous depiction of Live Nation's response to the hack, but this is based on the company's statement and not an exaggerated portrayal. No score can be higher than 85 due to the presence of this dichotomous depiction.
    • The filing said the data went up for sale on May 27. Live Nation said it is working with law enforcement.
  • Bias (100%)
    None Found At Time Of Publication
  • Site Conflicts Of Interest (100%)
    None Found At Time Of Publication
  • Author Conflicts Of Interest (100%)
    None Found At Time Of Publication

96%

  • Unique Points
    • Hackers gained access to a Snowflake employee's ServiceNow account using stolen credentials.
    • Researchers at Hudson Rock analyzed online interactions with hackers who claimed they had breached Snowflake's system.
    • Snowflake is investigating an increase in cyber threat activity targeting some customer accounts.
  • Accuracy
    • Hackers claimed to have stolen personal data of 560 million Ticketmaster customers and 30 million Santander Bank customers.
    • Researchers at Hudson Rock analyzed online interactions with hackers who claimed they had breached Snowflake’s system.
    • The hackers said they gained access to a Snowflake employee’s ServiceNow account using stolen credentials.
  • Deception (100%)
    None Found At Time Of Publication
  • Fallacies (85%)
    The author makes an appeal to authority by citing Hudson Rock's analysis and research. They also use inflammatory rhetoric when stating that Snowflake is denying its products were to blame for the data breach. Additionally, there is a potential dichotomous depiction by presenting the hackers' claims as fact without providing counter-arguments or perspectives.
    • The cloud storage provider Snowflake is denying that its products were to blame for an apparent data breach impacting the company’s clients, including Ticketmaster and Santander Bank.
    • To put it bluntly, a single credential resulted in the exfiltration of potentially hundreds of companies that stored their data using Snowflake, with the threat actor himself suggesting 400 companies are impacted.
    • Snowflake acknowledged that a former employee’s demo account was accessed through stolen credentials, but said it did not contain sensitive data.
  • Bias (100%)
    None Found At Time Of Publication
  • Site Conflicts Of Interest (100%)
    None Found At Time Of Publication
  • Author Conflicts Of Interest (0%)
    None Found At Time Of Publication

98%

  • Unique Points
    • Hackers named ShinyHunters claimed to have sold personal data of around 560 million Ticketmaster users online.
    • Live Nation confirmed the breach on May 31, 2024 and is cooperating with law enforcement.
  • Accuracy
    • The breach primarily affected data from Live Nation’s Ticketmaster subsidiary.
    • Personal information sold included home addresses, phone numbers, and partial credit card details.
  • Deception (100%)
    None Found At Time Of Publication
  • Fallacies (100%)
    None Found At Time Of Publication
  • Bias (100%)
    None Found At Time Of Publication
  • Site Conflicts Of Interest (100%)
    None Found At Time Of Publication
  • Author Conflicts Of Interest (100%)
    None Found At Time Of Publication