Ticketmaster Data Breach—Live Nation Encounters ‘Dynamic Pricing’ as Hacking Group Asks for $8 Million Ransom

Ticketmaster data breach
  • Save

Ticketmaster data breach
  • Save
Photo Credit: Ashley King

Just days after notifying customers of the Ticketmaster data breach, Live Nation encounters ‘dynamic pricing’ from the ShinyHunters hacking group. The $1 million ransom has increased to $8 million after the group reveals Taylor Swift Eras Tour ticketing data is part of the leak.

Speaking on a dark net forum with screenshots confirmed by HackRead, the group claims to have stolen 193 million ticketing barcodes. They include 440,000 Taylor Swift tickets, valued at $22 billion. Posted in a thread on Breach Forums titled “Ticketmaster event barcodes ‘Taylor Swift’ pt 1/65000” the group suggests perhaps instead of performing on tour, Swift may perform in front of Congress due to the breach.

The hacking group also alleges that initially Live Nation was willing to pay the $1 million offer to keep the data breach under wraps. After combing through the data, the group decided to release a July 4th drop and increase their ransom ask to $8 million.

“Due to the nature of company ending exfil event.. [we] no longer accept $1 million as we found hot to make way more expensive and insurance surely accepts this; we restart negotiations at $8M let the negotiator and insurance know. Otherwise for buyers, $8M and you’re going first.”

ShinyHunters revealed the extensive nature of the Ticketmaster data hack in this forum post which includes:

  • 980 million sales orders
  • 680 million order details
  • 1.2 billion party lookup records
  • 440 million unique email addresses
  • 4 million uncased and de-duped records
  • 560 million Address Verification System detail records
  • 400 million encrypted credit card details with partial information

ShinyHunters also claims that the Ticketmaster data breach is the largest publicly disclosed non-scrape breach of customer Personally Identifiable Information to date. The Taylor Swift ticketing data exposed as an example of the data taken appears to include ticket sales data for an Eras Tour event at the Lucas Oil Stadium in Indianapolis, Indiana. That event is a three-night affair on November 1, 2, and 3, 2024.

The data captured by the hacking group includes barcode values and seat details, which means counterfeit tickets for these seats could be created and sold fraudulently. We already have an example of something similar happening at a Bad Bunny concert in Mexico City in 2022—leading to mass chaos as legitimate ticket buyers were turned away.

The exposed data also includes host account creation dates and VAX account numbers, which could be used to identify and exploit user accounts. With detailed personal information, attackers can create convincing phishing emails or social engineered attacks to target ticket buyers whose data was taken. Huge swaths of personally identifiable information is contained in this data breach, which may be the biggest since the Equifax hack.