Ticketmaster Hack Leaks Nearly 40,000 Tickets, Leaving Fans Scrambled

  • By Farrukh Mushtaq

    Farrukh Mushtaq

    Author Image

    Farrukh Mushtaq, a digital marketer at PureSquare, possesses a keen interest in cybersecurity and enjoys writing about it. With several years of experience in the digital marketing industry, he brings expertise and passion to his work.

    See author profile
  • 10 July 2024
  • 6 mins read

Table of Content

Table of Contents

Music lovers, beware! Hackers have released data for roughly 40,000 print-at-home Ticketmaster tickets, posing a security risk to thousands. 

The leak, which affects fans planning to attend 154 forthcoming concerts and events, raises questions about the authenticity of tickets obtained through the platform. 

Ticketmaster has yet to issue an official statement on the incident, but here's what you need to know to protect yourself.

Which Hacking Identity Did They Use to Invade the Database?

In a continuing extortion attempt against Ticketmaster, threat actors have released nearly 39,000 print-at-home tickets to 150 forthcoming concerts and events, including Pearl Jam, Phish, Tate McCrae, and the Foo Fighters.

The tickets were disclosed by 'Sp1derHunters,' a threat actor who sells data taken from Snowflake accounts in recent attacks.

In April, hacking actors began obtaining Snowflake databases from at least 165 companies using credentials acquired by information-stealing malware.

Hackers Overtook Ticketmaster's Barcode System

Ticketmaster and AXS employ unique barcodes for "non-transferable" tickets. These barcodes, like certain login programs, change every few seconds, making screenshots useless. 

Tickets are sometimes issued close to the event time to limit sharing. This keeps ticket sales on their platforms.

Hackers used an Android phone connected to Chrome DevTools on a desktop PC to retrieve secret tokens from Ticketmaster and AXS, leveraging Conduition's disclosed findings.

These tokens allow them to set up a parallel ticketing system that creates valid barcodes for other platforms. This permits them to sell legal tickets on sites that Ticketmaster and AXS do not authorize.

Millions Affected by Taylor Swift Ticket Barcodes Leak

In May, hackers claimed to have stolen data from Ticketmaster, affecting 560 million customers. They wanted a ransom but eventually disclosed 166,000 Taylor Swift ticket barcodes, which Ticketmaster claims are unusable due to security precautions.

They said:

"Ticketmaster's SafeTix technology protects tickets by automatically refreshing a new and unique barcode every few seconds so it cannot be stolen or copied."

Sp1d3rHunters responded to Ticketmaster's statement, claiming that numerous print-at-home tickets with non-rotatable barcodes had been stolen.

The threat actor made a post on a hacking forum, saying:

"Ticketmaster lies to the public and says barcodes can not be used. Tickets database includes both online and physical ticket types."

"Physical ticket types are Ticketfast, e-ticket, and mail. These are printed and can not be automatically refreshed."

Verification is the Key to Secure Your Data!

This incident highlights the continuous struggle between event organizers and cybercriminals. Ticketmaster believes the hacked tickets are unusable, but the hacker claims a workaround exists. 

With so many famous events targeted, supporters are left puzzled and maybe exposed. The exact depth of the hack and its efficacy remains unknown, but it highlights the significance of strong cybersecurity safeguards in the ticketing sector.

Use PurePrivacy to robust your data security and avoid unwanted access to your online space.