The Ticketmaster data breach occurred in May 2024, when the company discovered unauthorized activity on a cloud database hosted by a third-party provider. This database contained customers’ names, addresses, phone numbers, and payment information.
Ticketmaster sent out emails and published an article on its Help page, but did not detail how and why the breach happened. That said, several media outlets reported on the incident and shared details of how the breach happened. Our experts have compiled all the information available, so you’ll have it in one place.
Ticketmaster Data Breach – Key Facts
- In May 2024, Ticketmaster experienced a breach in a cloud database containing email addresses, phone numbers, and other sensitive information of its customers.
- The company launched an investigation and has not seen further unauthorized activity since.
- The hacking group ShinyHunters claimed responsibility, saying they accessed Ticketmaster’s accounts through a third-party contractor.
The Story of the Ticketmaster Data Breach
Ticketmaster, the world’s largest ticket sales marketplace, confirmed in May 2024 that it experienced a breach in a cloud database. Hosted by a third-party service provider, this database contained names, email addresses, and payment information of Ticketmaster users.
Details of the Unauthorized Activity on Ticketmaster Database
In May 2024, Ticketmaster, owned by Live Nation, discovered unauthorized activity in a cloud database hosted by a third-party data services provider. The database contained the personal information of customers who had bought tickets in the US, Canada, and Mexico.
Various outlets reported that a hacking group called ShinyHunters claimed responsibility and demanded $500,000 for the data of 560 million consumers.
In a filing with the Maine Attorney General, Ticketmaster said over 1,000 consumers were affected. The company didn’t make any public announcement about who the hackers were or what data was involved, but it warned its customers that a lot of inaccurate information was circulating.
Parent Company Live Nation Releases a Statement
In a statement to the SEC, Live Nation, Ticketmaster’s parent company, wrote:
“On May 20, 2024, Live Nation Entertainment, Inc. (the “Company” or “we”) identified unauthorized activity within a third-party cloud database environment containing Company data (primarily from its Ticketmaster L.L.C. subsidiary) and launched an investigation with industry-leading forensic investigators to understand what happened.” It went on:
“On May 27, 2024, a criminal threat actor offered what it alleged to be Company user data for sale via the dark web. We are working to mitigate risk to our users and the Company, and have notified and are cooperating with law enforcement.”
Continuing, “As appropriate, we are also notifying regulatory authorities and users with respect to unauthorized access to personal information.”
A Ticketmaster spokesperson told TechCrunch that the stolen database was hosted on Snowflake, a data storage company.
Ticketmaster Notifies Customers
Ticketmaster sent out emails and first-class mail notifying customers about the incident. The email highlighted once again that the breached database likely contained email, phone number, and encrypted credit card or debit card information that consumers had provided to Ticketmaster.
So, I receive a ‘data incident’ notice from @Ticketmaster
“What can I do?
There is nothing you need to do” <FFS. Also I could get a free ‘12-month identity monitoring service with TransUnion’ WTF. No. I am SOOOOs sick & tired of my data being in breaches. pic.twitter.com/JfZqL2oqpw
— Privacy Matters (@PrivacyMatters) June 27, 2024
Eligible customers were offered a free 12-month identity monitoring service to protect themselves from online identity theft.
The Hackers Speak to WIRED
A hacker from ShinyHunters told WIRED they had breached a third-party contractor to gain access to Ticketmaster’s Snowflake cloud account.
The hackers allegedly used data on the employee system of EPAM, a digital services firm founded in the US by Belarusian entrepreneurs. Once on EPAM’s system, they installed a remote-access Trojan to access employees’ computers. This allowed them to discover unencrypted usernames and passwords for Snowflake accounts, including Ticketmaster’s.
EPAM denied involvement.
The Consequences of the Ticketmaster Data Breach
Many users were frustrated about the data breach, particularly given that Ticketmaster charges a 10% administration fee, a 2% processing fee, and a 2% transaction fee. Consumers voiced concerns that the company should have been able to invest in stronger cybersecurity measures with such high service charges.
Hilarious @Ticketmaster sending me a letter that they had a data breach and I should be on the lookout for any fraud
Boy the biggest fraud are all those fees you’re always charging me, how bout a letter on that? pic.twitter.com/sQnYxbhbQI
— Mike Janela (@MikeJanela) August 5, 2024
Two California residents, Cynthia Ryan and Rosalia Garcia, filed a lawsuit against Ticketmaster saying that the company failed to secure their personal information.
The US Justice Department has also filed a lawsuit against Ticketmaster and its parent company Live Nation for violating laws related to “antitrust, competition, unlawful or unfair business practices, restraint of trade, and other causes of action”. Although it was filed after the data breach occurred, this lawsuit mostly relates to whether Ticketmaster is a monopoly. The case focuses on how Ticketmaster and Live Nation (allegedly) use their respective strangleholds on ticketing and on venue management and promotion together to command higher prices.
Live Nation said that the lawsuit was a lobbying campaign from Ticketmaster’s competitors.
The company also stated that its market share in the live events space has actually declined since 2010. According to Statista Customer Insights, 63% of surveyed Americans bought tickets from Ticketmaster in the past 12 months. The next most popular platforms were Eventbrite, StubHub, SeatGeek, Event Tickets Center, and Ace Ticket.
What Can We Learn From the Ticketmaster Data Breach?
The Ticketmaster breach shows us that any company can fall victim to cyberattacks, no matter how big it is. Companies must have strong cybersecurity measures, such as multi-factor authentication for cloud services, regular audits, and assessments of third-party providers. Most of these kinds of breaches occur because of human error (like clicking a phishing link), so strong cybersecurity training is nothing short of essential for just about any kind of business.
Another lesson is the importance of clarity and timeliness. Ticketmaster didn’t disclose why its public announcement came a week after the data breach. Similarly, some customers reported receiving their letters and emails nearly two months after the breach, which is concerning. Especially on sensitive matters such as customer information and personal data, companies should prioritize timely communication. Otherwise, they risk breaking customer trust and losing clients.
🛑 Ticketmaster officially notifies its customers of the hack 🛑
Almost two months later, but Ticketmaster has notified its customers by email about the massive hack they fell victim to, which exposed the data of millions of customers. pic.twitter.com/hHEJ3LElOh
— Ignacio Gómez Villaseñor (@ivillasenor) July 13, 2024