hacking
Earlier this week, hackers on a “dark web” site claimed to have stolen data from hundreds of millions of Ticketmaster user accounts — but a source with knowledge of the investigation into the attack says there is no evidence that Ticketmaster fan accounts were compromised or that private user data was stolen.
Officials at Ticketmaster’s parent company, Live Nation, acknowledged a breach Friday (May 31) in a Securities and Exchange Commission (SEC) filing, noting it had identified “unauthorized activity within a third-party cloud database environment containing Company data (primarily from its Ticketmaster L.L.C. subsidiary) and launched an investigation with industry-leading forensic investigators to understand what happened.”
The statement noted that the company was “cooperating with law enforcement” and that “as of the date of this filing, the incident has not had, and we do not believe it is reasonably likely to have, a material impact on our overall business operations or on our financial condition or results of operations.”
According to the source, federal authorities are currently working to understand how a “dark web” site seized by the federal government was recaptured on Monday (May 27) by hackers with the group ShinyHunters and used to ransom 1.3 terabytes of private data allegedly stolen from Ticketmaster for $500,000. Investigators aren’t sure what, if any, Ticketmaster files are being held in the 1.3 terabyte file, the source adds.
The hack, the source tells Billboard, did not involve a breach of the core Ticketmaster system. Rather, company officials are looking at cloud hosting service Snowflake as a possible site of the hack. A hacker claiming to be involved in the attack told the website Bleeping Computer that they had breached Santander Bank and Ticketmaster after hacking into an employee’s account at Snowflake, which provides cloud hosting services for major companies. According to that report, Snowflake is disputing the claim. Billboard independently confirmed that Ticketmaster uses Snowflake’s cloud hosting service.
When reached for comment, Live Nation directed Billboard back to the SEC filing. Snowflake did not respond to a request for comment by press time.
Australian ticketing firm Ticketek also reported Friday that it had fallen victim to hackers, notifying customers that the names of some of its users, as well as their dates of birth and email addresses, may have been accessed in a data breach. In a statement on its site, Ticketek said the user information had been stored in a cloud-based platform hosted by a “reputable, global third-party supplier”.
“Ticketek has secure encryption methods in place for all passwords and no Ticketek customer account has been compromised,” company officials said in a statement. “Additionally, Ticketek utilises secure encryption methods for online payments and uses a separate system to process online payments, which has not been impacted. Ticketek does not hold identity documents for its customers.”
A well-known hacking group claims to have breached Ticketmaster and is attempting to sell the personal data of 560 million Ticketmaster users, including their payment details, for $500,000, according to the website Hackread.
Alleged hacking group ShinyHunters has claimed credit for the break-in, resulting in the theft of 1.3 terabytes of data that includes usernames, contact information, order info and partial payment details, like the last four digits of a customer’s credit card, expiration dates and even details designed to prevent fraud (e.g. mother’s maiden name).
Officials with Live Nation, which owns Ticketmaster, have not responded to requests for comment from Billboard or confirmed that the breach took place, but Australian officials with the country’s Department of Home Affairs told the Australian Broadcasting Company that it was aware of a cyber incident that was part of a data leak expected to impact millions of Ticketmaster customers globally.
A spokesperson from the Department of Home Affairs told the ABC that the department is “working with Ticketmaster to understand the incident”.
“The data breach, if confirmed, could have severe implications for the affected users, leading to potential identity theft, financial fraud, and further cyber attacks,” the Hackread site explains. “The hacker group’s bold move to put this data on sale goes on to show the growing menace of cybercrime and the increasing sophistication of these cyber adversaries.”
The hack comes as Ticketmaster and Live Nation face attempts by the federal government to break the company up on antitrust grounds. Last week, the Department of Justice’s antitrust division sued Ticketmaster in New York’s Southern District, alleging that the company acted monopolistically. Company officials have vowed to fight the lawsuit.
ShinyHunters emerged on law enforcement’s radar in 2020 and has been linked to breaches affecting more than 60 companies. The group is known to use dark web forums to threaten to leak sensitive consumer information unless the affected companies pay an online ransom. Most breaches are carried out using sophisticated phishing pages that mimic their target’s login portals, tricking employees into entering account credentials and other sensitive data. Members of ShinyHunters then use the stolen credentials to log in to company systems and steal data and customer information.
In January, a U.S. District Court in Seattle sentenced alleged ShinyHunters member Sebastien Raoult to three years in prison and restitution of $5 million after Raoult pleaded guilty to conspiracy to commit wire fraud and aggravated identity theft. The 22-year-old French national was arrested in Morocco in 2022 and extradited to the United States in January 2023.
ShinyHunters is reportedly selling the Ticketmaster data on Breach Forums, an illegal marketplace that just two weeks ago had been seized by the FBI.
On May 13, FBI officials apprehended the site’s administrator and seized access to login credentials for the entire infrastructure of Breach Forums, including the backend, across its dark web and clear web sites.
“From June 2023 until May 2024, BreachForums was operating as a clearnet marketplace for cybercriminals to buy, sell, and trade contraband, including stolen access devices, means of identification, hacking tools, breached databases, and other illegal services,” FBI officials said in a statement at the time.
But several days later, ShinyHunters allegedly contacted the domain registrar of Breach Forums and successfully regained access, according to Hack News, with the FBI seizure notice on the site replaced by a “Site Temporarily Unavailable” message. Earlier today, Breach Forums was updated again, this time with the alleged stolen Ticketmaster data posted on the site for sale.
A superfan accused of hacking Kelsea Ballerini and leaking her unreleased music has reached an agreement with the star’s lawyers not to share her songs with anyone else — and to name any people he’s already sent them to.
Just a week after Ballerini sued Bo Ewing over accusations that he illegally accessed her unfinished album and shared it with members of a fan club, attorneys for both sides said Wednesday (April 24) that they have agreed on a preliminary injunction against Ewing that will remain in place as the case plays out.
Under the terms of the injunction to which his lawyers agreed, Ewing is not only banned from disseminating any of Ballerini’s materials, he’s required to divulge who he has already shared them with and how he came into possession of her music.
“Defendant shall, within thirty days of entry of this order, provide plaintiffs with the names and contact information for all people to whom defendant disseminated the recordings,” the agreement reads. “Defendant shall use his best efforts to disclose to Plaintiffs from whom and by what means he obtained the recordings.”
The agreement avoids a court battle over such an injunction, which Ballerini’s attorneys were asking a federal judge to impose regardless of Ewing’s cooperation. In doing so, they warned that the hack had caused “immediate and ongoing harm” that would get far worse if Ewing was allowed to widely release the allegedly leaked songs online.
“The most critical time for an album’s success is its initial release date,” Ballerini’s attorneys wrote in a motion demanding such an injunction. “Hacks like this substantially diminish both performers’ and labels’ ability to realize the full benefits of the release because the work is already available for download, for free, at the time of the official release.”
Ballerini sued last week, claiming that Ewing — allegedly a former fan who had become disillusioned with the star — had gained illegal “back-door access” to a device holding recordings of 12 songs still in production. Her lawyers say he then shared them with members of an online fan club.
“Because the recordings are not the completed master, the songs are not final and are subject to revision,” her lawyers wrote. “Ms. Ballerini and her team are the only people who can say when the recordings are complete. Defendant’s actions have stripped plaintiffs of that right and caused the distribution of unfinished work that may not yet be up to plaintiffs’ high professional standards.”
Almost immediately, the federal judge overseeing the case issued a so-called temporary restraining order — an emergency order that banned Ewing from sharing any of Ballerini’s materials. That order set the stage for a longer-term preliminary injunction, which both sides were set to debate at a hearing on Thursday (April 25).
Instead, Ewing’s attorneys struck Wednesday’s deal accepting such an injunction. Judge Waverly D. Crenshaw Jr. signed off on the agreement on Thursday. Neither side’s lawyers immediately returned requests for comment.
Nothing is safe from hackers on the web, not even the information held by 23andMe.
Spotted on The Verge, genetic testing and analysis company 23andMe announced on its blog site Friday, October 6, that hackers stole user data, which is currently making its rounds on forums on the dark web.
According to the website, hackers utilized recycled logins to access the compromised accounts.
Another website, BleepingComputer, reports that a hacker dropped “1 million lines of data” for Ashkenazi Jewish people, with the data being sold for $1 – $10 per account.
The stolen data includes users’ names, profile photos, genetic ancestry results, date of birth, and geographical location. 23andMe confirmed the bad news to both websites.
Per The Verge:
The company confirmed to BleepingComputer that the data is legitimate in a statement it also shared in an email to The Verge. In the statement, 23andMe managing editor Scott Hadly wrote that “the preliminary results of this investigation suggest that the login credentials used in these access attempts may have been gathered by a threat actor from data leaked during incidents involving other online platforms where users have recycled login credentials.” He added that there was no indication of “a security incident within our systems.” BleepingComputer reports other users’ data was scraped using one of 23andMe’s own opt-in features, called “DNA Relatives.”
In 23andMe’s blog post, there are instructions for users to reset their password and set up multi-factor authentication.
The post also links to the company’s privacy and security checkup page and directs users to its support team’s email if they need further assistance.
More Than 7 Million Accounts Were Affected
A PCMag report, drawing on a Dark Web Informer post that included a screenshot from the now-deleted hacker forum post, indicates that more than 7 million accounts might be in the sale.
23andMe’s CEO Allegedly Knew About The Hack Two Months Prior
In a damning report from Ars Technica, hackers claimed that 23andMe’s CEO was well aware of the stolen data two months ago but opted to keep quiet about it.
23andMe has spoken about the hack on its official X account, claiming it has conducted an investigation but has “not identified any unauthorized access” to its systems.
Yikes.
If you have been on the fence about giving your info to 23andMe, this news will keep you away.
Executives at one of the largest independent ticketing companies in North America believe malware hidden inside a tracking pixel used for sending customers targeted advertisements was the source of a two-and-a-half-year credit card skimming operation.
Company officials with See Tickets North America, a subsidiary of French entertainment conglomerate Vivendi, tell Billboard that criminals were able to operate a sophisticated credit card skimming fraud on See Tickets checkout pages. While See Tickets officials didn’t detail which events were impacted, the company is one of the largest ticketing sites for indie promoters in North America with clients that include Pitchfork Festival and Disco Donnie Presents’ Freaky Deaky festival, as well as venues like the Troubadour in West Hollywood, California.
Tracking pixels are typically used to identify customers and share information about the consumer with ad networks and other large technology companies. One popular use of tracking pixels in the events business is to serve ads to fans who visited a music festival’s website but did not purchase tickets, in hopes of enticing them to make a purchase.
Company officials believe that an exploit in the pixel See Tickets was using allowed criminals to take snapshots of credit card transactions as they happened without having to break into See Tickets’ system or database. The malicious code first appeared on the site on June 25, 2019, about nine months before the COVID-19 pandemic forced the shutdown of the live entertainment industry.
“At See Tickets we take securing customer information very seriously and deeply regret this incident occurred,” Boris Patronoff, CEO of See Tickets North America, told Billboard in a statement. “We also understand how this may have negatively impacted on our clients and their customers. We conducted an immediate investigation as soon as the issue was discovered and communicated with clients and customers the moment it was possible to do so. We have since taken additional measures to further strengthen our security.”
Company officials became aware of the security breach in April 2021 after being contacted by credit card investigators looking at fraudulent charges linked to purchases on the See Tickets website. Within days of being notified, the ticketing company hired two forensic investigation teams to investigate the breach. In January of this year, the malicious code was eradicated from the site.
Last month, See Tickets concluded its investigation and began notifying state law enforcement officials with the details of the breach. While See Tickets’ own customer and promoter data was not accessed during the breach, criminals were able to obtain details from credit card transactions including full name, address, card number, expiration date and CVV.
See Tickets says a majority of ticket buyers who used the site were not impacted by the breach and notes that social security numbers, state identification numbers and bank account information were not exposed due to this incident, as they are not stored in its systems.
The breach is the second major hack of a ticketing company in five years. In 2018, hackers briefly took over the Ticketfly home page and took parts of the company offline for months, grinding much of the independent music industry to a halt. Ticketfly user and client data were stolen during the attack and wound up on the dark web.