A live performance from Taylor Swift, whose ongoing Eras Tour has according to hackers been affected by the Ticketmaster data breach. Photo Credit: Ronald Woan
Following reports of hackers’ $8 million ransom demand for Ticketmaster customer data – seemingly including that of Eras Tour passholders – Live Nation is denying the claims and maintaining that Taylor Swift tickets are safe.
Live Nation’s Ticketmaster said as much in a statement to HackRead, which has covered the data-breach fiasco from the get-go. As we reported, a hacker group called ShinyHunters in late May claimed to have cracked into the Ticketmaster database and secured around 560 million consumers’ sensitive account information.
As an aside, HackRead has indicated that ShinyHunters isn’t behind the alleged crime at all, but is simply affiliated with the “high-profile, financially motivated threat group” that actually executed the breach. Furthermore, ShinyHunters, acting as the face of the scheme, relayed that Live Nation had for a time agreed to cough up $1 million to keep the matter quiet.
Predictably, the promoter has pushed back against the allegation – though it did confirm the data breach itself in June. Subsequently, Ticketmaster proper finally informed customers closer to July’s start, and amid claims of the hack’s being even larger than initially disclosed, ShinyHunters reportedly upped its ransom demand from $1 million to the above-highlighted $8 million.
Bearing in mind the dramatically larger sought payday, the hackers have reportedly obtained the barcodes associated with tickets to several commercially prominent artists’ shows.
That purportedly includes 440,000 tickets to Taylor Swift’s Eras Tour; the barcodes, the hacker posters alleged in a lengthy message and a step-by-step guide, can be used by non-purchasers to attend concerts. Of course, if true, the claim would potentially spell trouble (or at least inconvenience) for Live Nation, which promptly responded via Ticketmaster.
“Ticketmaster’s SafeTix technology protects tickets by automatically refreshing a new and unique barcode every few seconds so it cannot be stolen or copied,” the Live Nation-owned platform communicated. “This is just one of many fraud protections we implement to keep tickets safe and unassailable. Some outlets are inaccurately reporting about a ransom offer. We were never engaged for a ransom and did not offer them money.”
But as HackRead pointed out – and as another hacker, this time called Sp1d3rHunters as opposed to ShinyHunters, noted in a messaging-board post dated July 8th – the remarks don’t mention physical tickets whatsoever.
“Our Response: Ticketmaster lies to the public and says barcodes can not be used,” reads Sp1d3rHunters’ follow-up. “Tickets database includes both online and physical ticket types. Physical ticket types are Ticketfast, e-ticket, and mail. These are printed and can not be automatically refreshed.”
Additionally, Sp1d3rHunters attached a “4-Step Guide to make your own Tickfast [sic] event PDFs with TM’s official ticket guide” – and made a separate ransom demand yet.
“To Ticketmaster: Ticketfast is [the] smallest number of printable tickets,” the demand reads. “You now have to reset 30k more tickets. Pay us $2million or we will leak the Mail and E-ticket barcodes for all your events.”
Regarding the differing ransom-demand amounts, it’s unclear whether ShinyHunters and Sp1d3rHunters are connected or if they both (and possibly others) breached Ticketmaster. What we do know for certain is that many are decidedly unhappy about the situation, and class action litigation is ongoing.
