TechTicketmaster data breach escalates: 680 million customers at risk

Ticketmaster data breach escalates: 680 million customers at risk

The issue of unauthorized access to the data of hundreds of millions of Ticketmaster customers from last month remains unresolved and appears to be gaining momentum. The criminals decided to publish a million stolen records online for free to exert pressure on the company.

A million records from a break-in have been leaked online
A million records from a break-in have been leaked online
Images source: © Pixabay
Oskar Ziomek

23 June 2024 12:36

Information about access to Ticketmaster customers' data emerged at the beginning of June, although the incident occurred at the end of May. At that time, it was confirmed that data from 560 million customers had been compromised. However, current web reports suggest an even greater number—680 million.

At the beginning of June, the data was put up for sale online, and it was disclosed that the records contained, among other things, information about customers' payment cards. As observed by Malwarebytes Labs, a post by user Sp1d3r appeared on an online forum, claiming that Ticketmaster did not respond to the proposal to buy back the data, which, in the attackers' interpretation, demonstrates a lack of respect for the privacy of millions of users. Consequently, the first million records were released online for free.

This situation is likely to lead to the initiation of many phishing campaigns and other scams, targeting the million random Ticketmaster customers whose data was compromised.

Users who have used the service and may be among those affected should follow basic safety guidelines to protect themselves from the consequences of the data breach. These include:

  • Check whether the company from which the data was stolen has communicated with them about this matter, for example, via email. Such communication may contain valuable advice, including instructions on what to do for safety.
  • Change your account password (and also in other services if the same login data was used, which is generally not recommended).
  • Enable two-step authentication wherever possible. This ensures that even if the login and password are compromised, attackers cannot access the account without the second factor, such as a one-time SMS code.
  • Stay calm and critically evaluate all communications that may come to them, such as emails. Phishing takes many forms, but it often involves manipulation, using authentic data (obtained in the breach), and applying time pressure in fabricated scenarios designed to trick victims.
Related content
© Daily Wrap
·

Downloading, reproduction, storage, or any other use of content available on this website—regardless of its nature and form of expression (in particular, but not limited to verbal, verbal-musical, musical, audiovisual, audio, textual, graphic, and the data and information contained therein, databases and the data contained therein) and its form (e.g., literary, journalistic, scientific, cartographic, computer programs, visual arts, photographic)—requires prior and explicit consent from Wirtualna Polska Media Spółka Akcyjna, headquartered in Warsaw, the owner of this website, regardless of the method of exploration and the technique used (manual or automated, including the use of machine learning or artificial intelligence programs). The above restriction does not apply solely to facilitate their search by internet search engines and uses within contractual relations or permitted use as specified by applicable law.Detailed information regarding this notice can be found  here.