Ticketmaster data breach: Hackers release million records for free
The issue of unauthorized access to the data of hundreds of millions of Ticketmaster customers from last month has not been resolved, and it seems to be gaining momentum. The criminals decided to publish a million stolen records online for free to influence the attacked company.
8:21 AM EDT, June 23, 2024
Information about the access to Ticketmaster customers' data appeared at the beginning of June, although the incident occurred at the end of May. At that time, it was confirmed that 560 million customers' data had been unauthorized, although currently, there is information on the web about an even greater number—680 million.
At the beginning of June, the data was put up for sale online, and it was declared at that time that the records contained, among other things, information about customers' payment cards. As noted now by Malwarebytes Labs, a post by user Sp1d3r appeared on one of the online forums, stating that Ticketmaster did not respond to the proposal to buy back the data, which, in the attackers' interpretation, means a lack of respect for the privacy of millions of users. Therefore, the first million records were just released online for free.
As you can easily imagine, such a situation leads to the beginning of many phishing campaigns or other scams, with the victims being the people from the group of a million random Ticketmaster customers whose data was obtained earlier.
Users who have used the service and may therefore, be within the group of those affected should follow basic safety guidelines to protect themselves from the consequences of the data leak:
- Check if the company from which the data was stolen has contacted them about this matter, for example, via email. The communication may contain valuable tips, including instructions on what to do for safety.
- Change the password for their account (and also for other services if the same login data was used, which is generally not recommended).
- Enable two-step authentication wherever possible. This way, even if the login and password fall into the hands of attackers, they cannot log into the victim's account without the second factor, such as a one-time SMS code.
- Stay calm and analyze all communications that may come to them from now on, for example, emails, without emotions. Phishing takes various forms, and the common feature is manipulation, using authentic data (obtained at the time of the leak), and exerting time pressure in cases that are only made up for the attack.