Ticketmaster data breach exposes millions: User info sold on the dark web

Entertainment company Live Nation announced that a security breach had occurred at its subsidiary, Ticketmaster. The incident took place on May 20 at 10:00 AM Eastern Time, and a cybercriminal offered user data for sale on the dark web.

TechCrunch reported that Live Nation informed the appropriate regulatory bodies about the incident more than a week later.

Live Nation detected the breach when unauthorized activity was noticed in a database managed by an external cloud provider, whose identity the company did not disclose. However, a Ticketmaster spokesperson confirmed that the database was hosted on servers belonging to Snowflake, a company specializing in data storage and analysis.

Snowflake reported that the attack could have affected a limited number of customers but did not provide specific information. Snowflake spokesperson Danica Stanczak declined to comment on the Ticketmaster breach. Similarly, Live Nation and Ticketmaster representatives have not issued public statements regarding the details of the incident.

According to information on the Ticketmaster Poland website, Live Nation Entertainment is a global leader in the live entertainment industry. The company comprises five subsidiaries operating in concert promotion, event venue management, sponsorship, ticket distribution, e-commerce, and artist management.

The administrator of the popular cybercrime forum BreachForums claims to possess data of 560 million customers, including Ticketmaster users' information such as ticket sales details and payment card information. TechCrunch had access to some of this data and confirmed its authenticity after verifying email addresses.

In May, the Department of Justice and 30 attorneys general filed a lawsuit against Live Nation, accusing the company of monopolistic practices.