Mix Live Blog: Meanwhile… Ticketmaster Was Hacked!

Back in May, there were reports of a data breach at Ticketmaster in which a group of hackers calling themselves ShinyHunters claimed responsibility for stealing data of more than 500 million Ticketmaster customers.

The group—which has also laid claim to hacking AT&T Wireless, Microsoft and Santander bank—said that data in their possession includes names, addresses, phone numbers and partial credit card details from Ticketmaster users worldwide. At the time, the hackers reportedly demanded and accepted what they later referred to as a “rushed” ransom of $1 million to stop them from selling the data to interested parties.

Live Nation, the parent company of Ticketmaster, confirmed the threat a few days later. The attack came at a particularly interesting time, barely two weeks after the U.S. Department of Justice sued Live Nation and Ticketmaster, accusing them of running a monopoly on ticket sales for live events in the U.S.

A few weeks ago, the story took an interesting turn when ShinyHunters posted on BreachForums (a hacking forum and marketplace for cybercriminals to buy and sell stolen data) that they had obtained more than 400,000 ticket barcodes for Taylor Swift’s Eras Tour, and was now seeking a ransom of $8 million.

ShinyHunters also reportedly obtained another 30 million tickets for more than 65,000 events, including NFL games and Sting concerts. Value of the stolen tickets for the Eras Tour alone is estimated to be in the neighborhood of $22 billion. Yikes.

Mix Live Blog: You Can’t Make This Up, Ep. #1

During the first week of July, Ticketmaster released a statement denying that the company had paid any ransom, ensuring customers that its SafeTix technology “protects tickets by automatically refreshing a new and unique barcode every few seconds so it cannot be stolen or copied.”

Introduced in 2019, SafeTix is an anti-theft technology that links a unique, identifiable digital ticket to a customer’s mobile phone using an encrypted barcode that automatically refreshes every 15 seconds. According to Ticketmaster, data obtained in the hack was static, so it cannot be used as a ticket. That’s good news for Swifties who purchased legit tickets, and bad news for anyone who entertained the idea of purchasing an illegitimate ticket for a show on the tour.

It’s easy to look at this and have a hearty laugh at Ticketmaster’s expense, especially in light of the recent action by the DOJ. Ticketmaster has become the “Evil Empire” everyone loves to hate, and quite frankly, the company can afford to pay a ransom of $8 million without batting an eyelash. If Ticketmaster does pay the ransom, it will likely keep the entire incident under wraps for fear of ridicule and/or legitimizing the hack group.

Unfortunately, the real victims here are the millions of Ticketmaster customers whose personal data is at risk. And that’s not something to laugh at.