Ticketmaster Data Breach: What You Need to Know to Protect Yourself
KOMO - July 4, 2024 7:07 am
SEATTLE — Another day, another notice of a data breach. Live Nation, the parent company of Ticketmaster, confirmed this latest cyber-attack involves hundreds of millions of people.
The company said it discovered unauthorized activity within a third-party cloud database on May 20 and its staff promptly launched an investigation. Ticketmaster account holders are now getting notices about the breach. So, what’s next?
This latest cyber-attack is huge since seven out of 10 live event tickets sold go through Ticketmaster, according to the attorney general.
“We last used Ticketmaster in March when we wanted to go see Toby Mack,” said Stacy Bolin.
“Well, I have one coming up at Idina Menzel at the Paramount,” said Dan Navarro.
“Oh yeah, it was last year it was for Taylor Swift, for the Eras tour,” said Lydia Dahlgren.
Instead of ticket alerts, hundreds of millions of Ticketmaster customers are getting alerted to this new cyber-attack.
“Well that all of our information could be put out there for anybody,’ said Bolin.“Typically, bad actors are in pursuit of data, personal data, personal information and they’re after sensitive information, your password, your payment information like credit cards, your financial information, which probably they can use to monetize because most of this information is quite valuable in the underground economy,” Kaustubh Medhe, VP of research and threat intelligence at Cyble Inc., told KOMO News.
“All of our information could be put out there for anybody,” said Bolin. That means it’s time to change passwords for Ticketmaster and all associated credit card accounts.
In the attack on Ticketmaster, the hackers, reportedly called “ShinyHunters” are believed to have offered the stolen data to the highest bidder on the dark web.
“It’s prevalent right now,” Michael Bruemmer, with Experian, told KOMO News. He said an average of three data breach alerts went out to every adult in the U.S. last year, so everybody has gotten at least one notice.
“So you can assume that much of the time your data has either been exfiltrated and maybe put on the dark web- may be left in the hacker’s hands too to do social engineering,” said Bruemmer. That data includes names, emails, phone numbers, addresses and credit card numbers.
Live Nation sent notices to customers and said it is working to mitigate risk and is cooperating with law enforcement. But what are customers supposed to do while the investigation is underway to figure out what exactly was stolen?
Dahlgren told KOMO News she’s a flight attendant, so she set up fraud alerts on her accounts since she’s in so many different cities.
“I’m always checking every notification making sure that I did buy this in California. I was in New York today making sure it’s not just something else snuck in there that I didn’t make,” said Dahlgren. One of those alerts tipped off in time to stop any real damage to her accounts.
“I did have something on my Amazon account a couple of months ago. I mean, I do give my log into my family members, but it was a movie rental, and nobody had rented that movie,” said Dahlgren.
She told KOMO News she immediately changed her password.
“And disputed the charge, and everything got refunded, but yeah, it was someone who had gotten into my account and was renting a movie,” said Dahlgren.
“I usually watch for the one dollar test, and then if you get a bunch after that, then you know you’ve been hacked,” said Ben Bolin. Small changes like that are how criminals start testing the card to see if anyone flags it, and if that works, they increase the amount they try charging on a stolen card.
Signing up for fraud alerts is just one of four things Bruemmer suggests to keep accounts safe from cybercriminals. He also suggests signing up for free credit monitoring, never reusing a password, and using a password vault, which he said suggests long passwords and keeps track of them for you.
“Because we’ve seen it over and over again with our health plan got hacked and your information’s out there, and then prescription plan got hacked and then the eye plan, and so it’s just, you just have to be aware,” Ben told KOMO News.
One more tip Bruemmer shared with KOMO News to avoid hackers is to never use public wi-fi. Especially now, he said, during the busy travel season.
“Members should be worried about misuse of their email IDs, mostly attackers tend to use a lot of these stolen email ideas to launch fishing campaigns, send emails to these members, and try to extract more sensitive information about them such as passwords or asking them to make fictitious payments to an account that is under the control of an attacker,” added Medhe.
Medhe also told KOMO News it’s important to be running good quality antivirus software on systems and never click on links or download software without making sure you know the true source. These are ways that bad actors phish for your personal data.
The breach of customer data from Ticketmaster comes on top of another controversy the company is dealing with.
The Department of Justice and dozens of state attorneys general filed a lawsuit to break up Ticketmaster, on behalf of music fans and artists, accusing the company of creating a monopoly across the live entertainment market.
“As detailed in our complaint, Live Nation suffocates its competition using a variety of tactics,” said U.S. Attorney General Merrick Garland.
The suit lists several tactics, including:
- Pressuring artists to use its promotion services
- Retaliating against venues that work with rivals
- Locking concert venues into exclusive ticketing contracts
Public scrutiny of Live Nation started back in 2022 over ticket sales for Taylor Swift’s Eras tour.
Dahlgren said the Ticketmaster site crashed when the Eras tour ticket sales went live.
“So I spent 12 hours on the computer just trying to get tickets for that show. Thankfully, I didn’t have any issues, but I’ve seen online how people had issues with scammers,” said Dahlgren. Dahlgren said many of the stories she heard came from Swift’s super fans.
“I’m not that dedicated. I got into the verified fan site, and they didn’t, and so it’s like yeah, they couldn’t get tickets just because they weren’t randomly selected. And then there were still scrappers on there that sold tickets,” said Dahlgren.
“I looked on resale sites to see if they would drop prices closer to the show, but Ticketmaster was also out, and you couldn’t resell on Ticketmaster, so everyone goes to the other sites and puts them at 23 times the price. It’s not fun,” Dahlgren told KOMO News.
“What the DOJ is asking for, first and foremost is a structural relief, a reorganization of Live Nation and Ticketmaster, so that they can stop what they are saying is anti-competition and monopoly-like practices,” said attorney Brian Buckmire.
Live Nation dismissed the allegations and said other factors are problems, like rising “production costs,” “artist popularity” and “online ticket scalping.”
If that case is not dismissed and goes to trial, it could drag on for years, with legal experts anticipating months of arguments in court.