Ticketmaster Hackers Leak 30,000 More High-Profile Event Tickets on the Dark Web

• The hackers who claimed the Ticketmaster data breach are currently conducting an extortion campaign against the Live Nation company.
• Another batch of tickets to high-profile events that include notable music artists events are allegedly featured in the leak.
• The ticketing company rotates electronic barcodes, but physical ones would need reissuing.

The threat actors claiming the Ticketmaster data breach reportedly leaked over 30,000 barcodes for upcoming concerts and events on a popular hacker forum, including Cirque du Soleil and several popular music artists. 

The post was published by an entity using the handle Sp1d3rHunters, a merger of Sp1d3r and ShinyHunters. Both actors have been associated with the Ticketmaster data breach. The post also offers a DIY counterfeit tutorial on printing physical tickets at home.

The leaked CSV file allegedly contains barcode data for 38,745 printable tickets, which the hackers say are for Cirque du Soleil and artists like Pearl Jam, Aerosmith, Metallica, Red Hot Chili Peppers, Bruce Springsteen and The E Street Band, Sammy Hagar, Stevie Nicks, Steve Miller Band, Usher, P!NK, Chris Brown, Neil Young, Alanis Morissette, and more.

The provided data includes unique ticket barcodes, event details, venue and seating information, sales order and transaction ID, ticket type codes, browser ID, and Web session cookie values.

Ticketmaster has anti-fraud measures that constantly rotate to unique mobile barcodes, but the hackers said numerous of the stolen print-at-home tickets cannot be rotated because they are Ticketfast, e-ticket, and mail tickets.

The Live Nation Entertainment-owned ticketing company still has time to reissue the stolen barcodes to the rightful owners of the exfiltrated codes for physical tickets. However, people who are interested in these events should exercise caution towards phishing messages leveraging the “free concert tickets” lure.

The Ticketmaster cybercriminals posted a sample leak of 170,000 free barcodes out of 440,000 for Taylor Swift’s ERAS Tour last week for nine upcoming concerts in Miami, New Orleans, and Indianapolis. 

The message asked for US $2 million not to leak 680 million user details and 30 million more event barcodes they reportedly own, including more Taylor Swift concerts, P!nk and Sting tickets, and sporting events such as F1, MLB, NFL, and “thousands more.”

These breaches have been attributed to the UNC5537 threat actor. However, a member of the infamous ShinyHunters hacking group revealed earlier this month how they reportedly stole customer data from Snowflake accounts, and now it seems Sp1d3r and ShinyHunters have created an alliance.

The approximately 165 companies using Snowflake environments linked with the massive data breach include Ticketmaster, Ticketek, Neiman Marcus, Santander Bank, LendingTree subsidiary QuoteWizard, Advance Auto Parts, and Pure Storage. 

In June, hacker Sp1d3r was selling data reportedly stolen from the cybersecurity company Cylance, including 34 million customer, prospect, and employee emails.

Incident response firm Mandiant said the data was stolen by threat actors leveraging leaked credentials collected by several info-stealer malware variants. These belonged to Snowflake customer accounts that did not enable the multi-factor authentication (MFA) feature.