SEATTLE — Another day, another data breach report. Live Nation, Ticketmaster’s parent company, confirmed that this latest cyberattack affected hundreds of millions of people.
The company said it discovered unauthorized activity in a third-party cloud database on May 20, and its staff quickly launched an investigation. Ticketmaster account holders are now receiving notifications about the breach. So what’s next?
This latest cyberattack is of considerable magnitude, with seven out of ten live event tickets sold going through Ticketmaster, according to the attorney general.
“We last used Ticketmaster in March when we wanted to go see Toby Mack,” Stacy Bolin said.
“Well, I have one coming up with Idina Menzel at Paramount,” Dan Navarro said.
“Oh yeah, it was last year, it was for Taylor Swift, for the Eras tour,” Lydia Dahlgren said.
Instead of ticket alerts, hundreds of millions of Ticketmaster customers are being alerted to this new cyberattack.
“Well, all of our information could be made public for anybody to see,” Bolin said. “Typically, bad actors are looking for data, personal data, personal information, and they’re looking for sensitive information, your password, your payment information like credit cards, your financial information, which they can probably use to monetize because most of that information is very valuable in the underground economy,” Kaustubh Medhe, vice president of threat research and intelligence at Cyble Inc., told KOMO News.
“All of our information could be exposed to anyone,” Bolin said. That means it’s time to change passwords for Ticketmaster and all associated credit card accounts.
In the attack on Ticketmaster, the hackers, apparently called “ShinyHunters,” allegedly offered the stolen data to the highest bidder on the dark web.
“It’s a common practice right now,” Experian’s Michael Bruemmer told KOMO News. He said that on average, three data breach alerts were sent to every adult in the U.S. last year, meaning everyone received at least one notification.
“So you can assume that most of the time your data has been exfiltrated and possibly placed on the dark web, and it can also be left in the hands of hackers who are doing social engineering,” Bruemmer said. This data includes names, emails, phone numbers, addresses and credit card numbers.
SEE ALSO | Live Nation says Ticketmaster data breach exposed millions of customers’ information
Live Nation has sent out notices to its customers and said it is working to mitigate risks and cooperate with law enforcement. But what are customers supposed to do while the investigation is underway to determine exactly what was stolen?
Dahlgren told KOMO News that she is a flight attendant and has fraud alerts set up on her accounts since she is in many different cities.
“I always check every notification to make sure I actually purchased this item in California. I was in New York today to make sure it wasn’t just another item that slipped in that I didn’t manufacture,” Dahlgren said. One of those alerts went off in time to prevent any real damage to his accounts.
“I had something in my Amazon account a few months ago. I give my logbook to family members, but it was a movie rental, and no one had rented that movie,” Dahlgren said.
She told KOMO News she immediately changed her password.
“I disputed the charge and everything was refunded, but yes, it was someone who accessed my account and rented a movie,” Dahlgren said.
“I usually watch for the dollar test, and if you get a bunch of them after that, you know you’ve been hacked,” Ben Bolin said. Small changes like this allow criminals to start testing the card to see if anyone flags it, and if that works, they increase the amount they try to charge on a stolen card.
Signing up for fraud alerts is just one of four steps Bruemmer suggests to protect your accounts from cybercriminals. He also suggests signing up for a free credit monitoring system, never reusing a password and using a password vault, which he says suggests long passwords and keeps track of them for you.
“Because we’ve seen it over and over again with our health plan being hacked and your information being out there, and then our prescription plan being hacked, and then our eye plan, and so you have to be aware,” Ben told KOMO News.
Another tip Bruemmer shared with KOMO News to avoid hackers is to never use public Wi-Fi networks. Especially now, he said, during peak travel season.
“Members should be concerned about the misuse of their email credentials. Most attackers tend to use a large number of these stolen email ideas to launch fishing campaigns, sending emails to these members and trying to extract more sensitive information about them, such as passwords or asking them to make fictitious payments to an account that is under the control of an attacker,” Medhe added.
Medhe also told KOMO News that it is important to use good quality antivirus software on systems and to never click on links or download software without making sure you know the real source. These are ways that malicious actors phish for your personal data.
Ticketmaster’s customer data breach adds to another controversy the company is facing.
The Justice Department and dozens of state attorneys general have filed a lawsuit to break up Ticketmaster on behalf of music fans and artists, accusing the company of creating a monopoly on the live entertainment market.
SEE ALSO | Justice Department Says Ticketmaster, Live Nation’s Illegal Monopoly Is Driving Up Prices for Fans
“As detailed in our complaint, Live Nation stifles its competition using a variety of tactics,” said U.S. Attorney General Merrick Garland.
The complaint lists several tactics, including:
- Put pressure on artists to use its promotion services
- Retaliation against theaters that work with competitors
- Locking concert halls into exclusive ticketing contracts
Public scrutiny of Live Nation began in 2022 due to ticket sales for Taylor Swift’s Eras tour.
Dahlgren said the Ticketmaster website crashed when tickets for the Eras tour went on sale.
“So I spent 12 hours on the computer trying to get tickets to this show. Luckily, I didn’t have any problems, but I saw online how people had problems with scammers,” Dahlgren said. Dahlgren said most of the stories she heard came from Swift’s superfans.
“I’m not that dedicated. I went to the verified fans site, and they didn’t do it, so it’s like, yeah, they can’t get tickets just because they weren’t randomly selected. And then there were still junk shops selling tickets,” Dahlgren said.
“I looked on the resale sites to see if they would drop the prices closer to the show, but Ticketmaster was also out of stock, and you couldn’t resell on Ticketmaster, so everyone goes to the other sites and puts them at 23 times the price. It’s not fun,” Dahlgren told KOMO News.
“What the Justice Department is seeking, first and foremost, is structural relief, a reorganization of Live Nation and Ticketmaster, so they can end what they see as anticompetitive and monopolistic practices,” said attorney Brian Buckmire.
Live Nation has rejected the allegations and said other factors were problems, including rising “production costs,” “artist popularity” and “online ticket resale.”
If the case is not dismissed and brought to trial, it could drag on for years, with legal experts predicting months of courtroom arguments.