Ticketmaster customers' personal information possibly leaked to the dark web following cyberattack

Tech Crunch reported that Live Nation's ticketing branch Ticketmaster has been hacked. The entertainment giant confirmed the hack by informing government regulators after the markets closed on Friday.

Live Nation released a statement saying that the breach had taken place on May 20. Whoever was behind the attack reportedly "offered what it alleged to be Company user data for sale via the dark web." Live Nation did not mention who the personal data belonged to, but it is believed to belong to customers.

It is still not clear why it took the company so long to report its findings to the appropriate authorities.

'A single credential resulted in the exfiltration of potentially hundreds of companies that stored their data using Snowflake, with the threat actor himself suggesting 400 companies are impacted.'

Live Nation's statement said: "On May 20, 2024, Live Nation Entertainment, Inc. (the 'Company' or 'we') identified unauthorized activity within a third-party cloud database environment containing Company data (primarily from its Ticketmaster L.L.C. subsidiary) and launched an investigation with industry-leading forensic investigators to understand what happened."

"On May 27, 2024, a criminal threat actor offered what it alleged to be Company user data for sale via the dark web. We are working to mitigate risk to our users and the Company, and have notified and are cooperating with law enforcement."

Tech Crunch reported that it contacted a spokesperson for Ticketmaster, who said the stolen database was being hosted on Snowflake—a cloud storage and analytics company based in Boston. However, the spokesperson did not disclose how the data was taken out of Snowflake's systems.

On Saturday, Snowflake released a statement of its own, writing: "Snowflake recently observed and is investigating an increase in cyber threat activity targeting some of our customers’ accounts. We believe this is the result of ongoing industry-wide, identity-based attacks with the intent to obtain customer data."

"Research indicates that these types of attacks are performed with our customers’ user credentials that were exposed through unrelated cyber threat activity. To date, we do not believe this activity is caused by any vulnerability, misconfiguration, or malicious activity within the Snowflake product," the statement concluded.

Cybersecurity firm Hudson Rock stated: "To put it bluntly, a single credential resulted in the exfiltration of potentially hundreds of companies that stored their data using Snowflake, with the threat actor himself suggesting 400 companies are impacted."

"[T]he threat actor shared with Hudson Rock's researchers, which shows the depth of their access to Snowflake servers. This file documents over 2,000 customer instances relating to Snowflake's Europe servers."

The administrator of BreachForums—a now-revived cybercrime forum—noted that the personal information of 560 million customers is for sale, including the personal information of Ticketmaster customers.

It is unclear what other companies were victims of the attack.

Like Blaze News? Bypass the censors, sign up for our newsletters, and get stories like this direct to your inbox. Sign up here!