A notorious hacking group has claimed the theft of data belonging to 560 million Ticketmaster users on a newly created version of the BreachForums cybercrime marketplace.
The new site emerged roughly two weeks after BreachForums was seized by law enforcement agencies in the US, Australia, Iceland, New Zealand, UK, and Ukraine.
This would be the third BreachForums iteration, after the initial version was shut down following the unmasking and charging of its administrator, and the second BreachForums was disrupted in mid-May 2024.
The first BreachForums was active between March 2022 and March 2023. Its administrator, Conor Brian Fitzpatrick, of New York, was sentenced earlier this year.
The second version was launched and operated by an individual known online as Baphomet, who was allegedly arrested during the mid-May takedown, and the notorious hacking group ShinyHunters.
Earlier this week, ShinyHunters announced the relaunch of the cybercrime forum with a high-profile breach: 560 million Ticketmaster users’ information. The hackers also claimed that law enforcement made a fatal error in their takedown attempt, and caused damage to a different business.
The ShinyHunters group claims to be in the possession of 1.3 terabytes of data stolen from Ticketmaster and is asking $500,000 for the data, which allegedly includes names, addresses, email addresses, phone numbers, partial credit card information, and financial transactions information.
According to threat intelligence and research group Vx-Underground, which analyzed a sample of the allegedly stolen data, the information appears to be authentic, containing entries dating back to 2011, with the most recent ones being dated March 2024. Some entries from the mid-2000s were found as well.
Vx-Underground, however, explains that ShinyHunters is not responsible for the Ticketmaster data breach, but acts as a proxy for the actual hackers.
The threat intelligence group has learned that the data was likely stolen from Ticketmaster AWS instances after hackers compromised a managed services provider.
California-based Ticketmaster, which is owned by Live Nation Entertainment, has not confirmed the data breach but is already facing a class action lawsuit over the incident, and the Australian government is probing the hackers’ claims.
The alleged size of the Ticketmaster data breach could have dire consequences for both the company and its users. Some, however, suggest that the newly launched BreachForums domain could be only a honeypot site set up by law enforcement.
Related: 2.8 Million Impacted by Data Breach at Prescription Services Firm Sav-Rx
Related: Verizon Says Data Breach Impacted 63,000 Employees
Related: Dollar Tree Impacted by ZeroedIn Data Breach Affecting 2 Million Individuals
