Cyber Threat Radar – The ShinyHunters hacking group has disclosed information regarding an alleged data breach of Ticketmaster, offering to sell the data for a flat fee of US$500,000.
The information is being offered for purchase on a well-known clear web hacking platform, with ShinyHunters asserting to possess the information of 560 million Ticketmaster clients spread across 16 distinct folders and files, each of which are several gigabytes in size.
Data Breach Exposed Credit Card Details
Additionally, the hackers named after the ‘shiny hunting’ gameplay in the Pokémon video game, have provided a preview of the data, containing encrypted credit card numbers, the final four digits of credit cards, expiration dates of credit cards, and information related to fraudulent activities, along with customer names, addresses, and email addresses.
In their post ShinyHunters claim they are in possession of:
- 560 million customers full details (name, address, email, phone)
- Ticket sales, event information, order details
A History Of Significant Data Breaches
ShinyHunters has a history of significant data breaches dating back to May 2022, when it exposed data from Indonesian e-commerce giant Tokopedia, along with substantial amounts of customer data from Microsoft. In the same year, the group disclosed the details of 70 million AT&T subscribers. The leader of ShinyHunters is also the head of the BreachForums hacking community, which resurfaced on both the clear and dark webs following its seizure by the FBI and various international law enforcement agencies in May 2024.
“At present, given that we solely rely on the attackers’ statements, it is premature to draw any definitive conclusions regarding a potential data breach,” said Tim Royston-Webb, CEO, SentryBay. “Irrespective of the legitimacy of the breach, organizations should remain vigilant and not lower their guard.”
By securing the input of sensitive data and by wrapping security around the applications which handle sensitive data, organisations can add another layer, boosting the protection of devices and mitigating against data breaches. In today’s world with more and more data being handled outside of the protection of the corporate perimeter, with BYOD, remote working and hybrid working, SentryBay’s patented solutions can help with both compliance and the overall security posture.