NEW YORK — A cybercriminal group claims it has stolen personal data belonging to more than 500 million Ticketmaster customers. Although the event ticketing service, owned by Live Nation Entertainment, hasn't confirmed the attack, security experts warn that it could put users of the platform at risk for a range of scams.
The hackers, called ShinyHunters, said in an online forum that they have gained access to Ticketmaster customers' information and that they plan to sell the data. But Jared M. Smith, an engineer at SecurityScorecard, a company that monitors computer network breaches across the internet, cautioned that it remains to be seen if the theft is real.
"It's still not verified. We don't know whether the hackers that posted it are making this up or not, that's something we're waiting for," he said. "It could be part of a publicity stunt."
Here's what to know about what kind of data might have been exposed, as well as how to protect yourself.
What is ShinyHunters?
The hacking group emerged in 2020 and drew attention the following year when it exposed huge troves of customer records from more than 60 companies.
According to the Department of Justice, the ShinyHunters stored and sold stolen data on the "dark web," including customer databases with personal and financial information. Members of the group also used social media to solicit potential buyers for the for data, including sometimes notifying the media about their exploits and posting images on a website appearing to show stolen material. Targets included a range of companies and millions of consumers.
Sebastien Raoult, a French computer hacker and ShinyHunters member, in January was sentenced to three years in prison and ordered to pay more than $5 million in restitution after pleading guilty to conspiracy to commit wire fraud and aggravated identity theft.
ShinyHunters may not have hacked Ticketmaster, and instead could effectively be serving as a middleman by selling the customer data, experts noted. The group's post said the data was available for purchase for $500,000 in a "one-time sale."
How many people may have been affected?
ShinyHunters said it has obtained personal data belonging to 560 million Ticketmaster customers. Although that would rank as one of the largest cyberthefts of all time, one expert said that some of the info the group claims to have stolen was likely already publicly available.
"The reality is there are a lot of records missing, and it sounds really bad. But from a practical standpoint, how many people had information stolen that isn't out there already? A lot of it is public record," cybersecurity expert Joseph Steinberg told CBS MoneyWatch. "From the raw data itself, there's probably a lot less than it sounds like. We sometimes get impressed by numbers, but what matters much more is the quality of the data and what it means."
What kind of information was purportedly exposed?
ShinyHunters said it obtained Ticketmaster customer names, addresses, phone numbers, transactions and partial credit card details, which Smith described as a "juicy" trove of data for bad actors.
"It's a lot of information you don't often see together. Often hackers just get usernames and passwords, and sometimes payment information. But you don't often see addresses and past purchases, and all of that together would make quite a perfect set up for a group to put up sites that look like Ticketmaster sales partners to target consumers they know have purchased event tickets before," he told CBS MoneyWatch.
"This breach would prey on a really easy target audience to scam people into buying fake tickets," Smith added.
What is Ticketmaster doing about the alleged attack?
Nothing, yet. The company has not verified the purported cyberattack. It didn't immediately respond to a request for comment.
The Australian government said Thursday it is investigating the hacking group's claims. The FBI has offered assistance to Australian authorities, a spokesperson for the U.S. Embassy in Canberra told Agence France-Presse.
"The Australian Government is aware of a cyber incident impacting Ticketmaster," a spokesperson for the Australia Home Affairs Department said in a statement to CBS News. "The National Office of Cyber Security is engaging with Ticketmaster to understand the incident." The department also urged people with "specific inquiries relating to this incident" to contact Ticketmaster.
What should Ticketmaster users do now?
First, and crucially, consumers should assume that they are at risk of being hacked, Steinberg said, emphasizing the need for people to have the right mindset. For example, a consumer who believes they're being targeted by hackers will think twice before clicking on a link offering them concert tickets to their favorite band from an unknown entity.
"You have to internalize the fact that you are a target. People who believe they are targeted behave differently than people who don't believe that," he said.
Regarding Ticketmaster, Smith urged consumers not to click on links to concert ticket sales they don't recognize and to call the service's support line to verify any offers.
"Someone who doesn't think they're targeted would say, 'Wow, this is great, not thinking they got the data from the Ticketmaster breach and social engineered it," Steinberg said.
More generally, Steinberg recommended that people use two-factor authentication to protect their accounts.
