The notorious data leak site BreachForums appears to have resurfaced after being seized by law enforcement authorities a few weeks ago. One of the first posts on the revived forum claims to offer a massive data set containing personal and financial details of 560 million Live Nation/Ticketmaster customers for $500,000.
Update: In a recent development, the individuals claiming responsibility for the TicketMaster breach stated they gained access through a Managed Service Provider, later identified as Snowflake. They alleged that access was obtained via an infostealer malware.
Live Nation Entertainment, the parent company of Ticketmaster, has reported the compromise to the SEC. However, Snowflake has issued a statement denying any breach and claiming that the affected companies were likely compromised due to poor security practices.
Security researchers @RockHudsonRock and @whiteintel_io have corroborated the involvement of the Lumma Stealer malware campaign in this incident.
SEC link: https://www.sec.gov/Archives/edgar/data/1335258/000133525824000081/lyv-20240520.htm
The post, allegedly made by ShinyHunters, provides the following details about the purported data breach:
Live Nation / Ticketmaster
Data includes
- 560 million customer full details (name, address, email, phone)
- Ticket sales, event information, order details
- CC detail – customer last 4 of card, expiration date
- Customer fraud details
- Much more
Price is $500k USD. One time sale.
Doubts Raised Over Data Breach Legitimacy
However, several cybersecurity researchers have expressed doubts about the legitimacy of the claimed data breach. A different user sold The same data set on another dark web forum, raising suspicions of potential duplication or coordination between threat actors.
Additionally, some experts have questioned the sheer scale of the purported breach, stating that the claimed 560 million affected users seems unrealistically high for Live Nation/Ticketmaster’s customer base.
Security researcher CyberKnow tweeted, “While there is some new data in the shared evidence, there is also old customer information, possibly making it a series of data jammed together.”
🚨🚨Thoughts on the alleged Ticketmaster Data Breach 🚨🚨
TLDR: Alert not Alarmed
The Ticketmaster data breach claim has provided BreachForums with the quick attention they need to boost their user numbers and reputation.
The claim has possibly been over-stated to boost… pic.twitter.com/WJsFkBfQbw
— CyberKnow (@Cyberknow20) May 29, 2024
Potential Law Enforcement Honeypot
Another aspect fueling skepticism is the peculiar requirement for visitors to register on the revived BreachForums before accessing any content. This unexpected change in access policy has led some to speculate about the possibility of the resurging forum being a honeypot operation set up by law enforcement agencies to identify and apprehend cybercriminals.
As cybersecurity experts continue to analyze the available information, the integrity of the claimed Live Nation/Ticketmaster data breach remains uncertain. Ticketmaster has stated that it is aware of the incident and is “working with Ticketmaster to understand the incident,” according to the Australian Department of Home Affairs.
Protecting Yourself Against Data Breaches
Regardless of the legitimacy of this specific incident, data breaches pose a significant risk to individuals’ personal and financial information. Here are some recommended steps to protect yourself in the event of a data breach:
- Follow the vendor’s advice and recommendations regarding the specific breach.
- Change your passwords, using strong and unique credentials for each account.
- Enable two-factor authentication (2FA), preferably using FIDO2-compliant hardware keys or devices.
- Be wary of potential phishing attempts by threat actors impersonating the affected vendor.
- Avoid storing payment card details on websites to minimize the risk of financial fraud.
- Consider setting up identity monitoring services to detect unauthorized use of your personal information.
You can also check if your personal information has been exposed in previous data breaches by Malwarebyte’s free Digital Footprint scan tool. Stay vigilant and take proactive steps to protect your digital identity.
