Ticketmaster’s Half Billion Data Breach: What You Need To Do Right Now

Ticketmaster has lost the data of 560 million customers in a data breach, according to a hacking group that claims to have it.

The group, called ShinyHunters, is attempting to sell the 1.3 terabyte-sized data file online for a one-time $500,000 fee, to anyone who wants it.

It’s a bad sign for the many customers of the ticket sales and distribution company, which is already facing antitrust scrutiny for its alleged monopolistic hold on the ticket sales business, though it has yet to publicly confirm the breach claims. Here’s what data was stolen, and what steps potential victims can take in response.

What Type of Ticketmaster Data Was Puportedly Stolen?

If you have ever been a Ticketmaster customer, here’s the exact information that ShinyHunters might be attempting to sell off to bad actors at this very moment:

• Your full name
• Your address
• Your phone number
• Your email address(es)
• Your order history information, including ticket purchase details
• Partial payment data, which might include:
  • Your name
  • The last four digits of your credit card number
  • Your card expiration date

Hackers can wreak plenty of havok with that data, particularly since it’s such a large volume of victims. With over half a billion people to choose from, a good social engineering hacker will have a lot of options when picking out payment information and attempting to finagle their way into a bank account.

It’s not the first time Ticketmaster has wound up in the news for hacks: In 2021, the company was fined $10 million for illegally accessing information and data that belonged to a rival company

Actions You Should Take Right Now

Let’s face it: Given complete ubiquity of Ticketmaster, anyone who’s been to a concert or two in the past decade is sweating right now. Anyone who bought tickets online to attend a major live event and used Ticketmaster to do so is at risk of having their data exposed.

Here are the next steps that can help you out.

• Change your passwords — This is the first obvious solution. If your passwords are long and secure, you’ll be less likely to be breached. Hackers will opt for the low hanging fruit first, and that’s everyone with a “123456” password on their account. If you use the same password for your Ticketmaster account elsewhere, then you really need to update these too, immediately.
• Take a look at haveibeenpwned.com — This website will take a look at your email address, and connect it to any breaches that have included that address. The Ticketmaster data won’t be up at the moment, but will likely leak out in the future. If you’re not flagged, you might be in the clear.
• Be alert to suspicious emails and phone calls — Hackers will most likely try social engineering with the data stolen in breaches: They have a lot of information, but they’ll need to leverage it in order to trick victims into revealing their passwords. That typically means impersonating banks or credit agencies through fake emails, texts, or phone calls.
• Monitor bank accounts — Keep a close eye on your accounts over the next few weeks, and watch out for any unusual activity.
• Watch for Ticketmaster’s response — At the time of writing, Ticketmaster hasn’t confirmed the breach. However, when they do, assuming it is legitimate, they will likely offer advice and assistance to those affected, similar to how other companies have handled large data breaches. They may also automatically reset user passwords.

Ultimately, you can’t close the barn door after the horses are out. But you can limit the damage that the data can do to your life.

Handling Data Breaches

Business data breaches can be planned for, with clear steps to take after the fact: Businesses will contain and access the damage, before notifying victims afterward.

But in cases like this TicketMaster breach, you’re likely on the customer end of the breach and you have less recourse. And with hacks on the rise in recent years, there’s only so much that VPNs and password managers can do to help. In the end, the risk of your own exposure is handled by companies like TicketMaster, and they inevitably wind up breached.

That’s why good password practice is more important than ever, ensuring that you’re not using the same passwords across multiple accounts. Sure, it might be convenient to have your password set to your dog’s name for every single online account, but after yet another massive scale data breach, how many more do you need to see to convince you that it’s when, not if, your data gets compromised…

Alternatively, you can pay the hackers $500,000 to buy your data back.