{
	"id": "38ebedf1-3a60-47d5-bab1-0bdcd0e0866b",
	"created_at": "2026-04-06T00:19:02.731501Z",
	"updated_at": "2026-04-10T03:34:59.512148Z",
	"deleted_at": null,
	"sha1_hash": "61b7a6354312853c018f4b17f948b9f145fff0c8",
	"title": "Data of 560 million Ticketmaster customers for sale after alleged breach",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 3439035,
	"plain_text": "Data of 560 million Ticketmaster customers for sale after alleged breach\r\nBy Sergiu Gatlan\r\nPublished: 2024-05-30 · Archived: 2026-04-05 13:03:48 UTC\r\nA threat actor known as ShinyHunters is selling what they claim is the personal and financial information of 560 million\r\nTicketmaster customers on the recently revived BreachForums hacking forum for $500,000.\r\nThe allegedly stolen databases, which were first put up for sale on the Russian hacking forum Exploit, supposedly contain\r\n1.3TB of data and the customers' full details (i.e., names, home and email addresses, and phone numbers), as well as ticket\r\nsales, order, and event information.\r\nThey also contain customer credit card information, including hashed credit card numbers, the last four digits of the card\r\nnumbers, credit card and authentication types, and expiration dates, with financial transactions spanning from 2012 to 2024.\r\nhttps://www.bleepingcomputer.com/news/security/data-of-560-million-ticketmaster-customers-for-sale-after-alleged-breach/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/data-of-560-million-ticketmaster-customers-for-sale-after-alleged-breach/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\nShinyHunters told BleepingComputer that there are interested buyers in the data and said they feel one may be TicketMaster\r\nthemselves. When asked when and how the data was stolen, the threat actor said they \"can't say anything about this.\"\r\nHowever, cybersecurity collective vx-underground claimed to have spoken to some threat actors who allegedly breached\r\nTicketmaster. They said they could steal the data from the company's AWS instances \"by pivoting from a Managed Service\r\nProvider.\"\r\nAllegedly stolen Ticketmaster data for sale (BleepingComputer)\r\nTicketmaster has yet to reply to multiple requests from BleepingComputer to confirm the threat actor's claims and provide\r\nmore information on this alleged breach.\r\nThe FBI declined to comment when BleepingComputer asked if they were working with Ticketmaster to investigate an\r\nincident related to ShinyHunters' claims.\r\nWhile BleepingComputer cannot independently confirm if the data is legitimate, we have reviewed numerous samples\r\nshared by ShinyHunters, and the data appears to originate from TicketMaster.\r\nLawsuits and previous breaches\r\nLast week, the U.S. Department of Justice and a bipartisan coalition of 30 attorneys general sued Live Nation Entertainment\r\nand its Ticketmaster subsidiary for its anticompetitive conduct and violating the Sherman Antitrust Act by monopolizing the\r\nlive events industry.\r\nAs Bloomberg first reported, customers have already filed a proposed class action this week against Ticketmaster and its\r\nparent company, Live Nation for this alleged data breach. The action includes U.S. residents affected by this alleged breach.\r\nThe plaintiffs seek punitive damages, actual damages, and attorneys' fees, as well as an order requiring Ticketmaster to pay\r\nfor credit-monitoring services and reveal what customer data was exposed in the incident.\r\nFour years ago, Ticketmaster was fined $10 million for illegally accessing the systems of competitor CrowdSurge using the\r\ncredentials of one of its former employees to collect business intelligence and use it to \"choke off\" the rival company's\r\nbusiness.\r\nIn 2018, the company also disclosed a data breach that affected roughly 5% of its customer base after attackers stole\r\nTicketmaster login information, payment details, and personal information (i.e., names, addresses, email addresses, and\r\ntelephone numbers) belonging mostly to U.K. customers from the systems of third-party vendor Inbenta.\r\nhttps://www.bleepingcomputer.com/news/security/data-of-560-million-ticketmaster-customers-for-sale-after-alleged-breach/\r\nPage 3 of 4\n\nPart of Live Nation Entertainment, Ticketmaster processes over 500 million tickets annually across 30 countries and controls\r\nnearly 80 percent of the U.S. ticketing industry.\r\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/data-of-560-million-ticketmaster-customers-for-sale-after-alleged-breach/\r\nhttps://www.bleepingcomputer.com/news/security/data-of-560-million-ticketmaster-customers-for-sale-after-alleged-breach/\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/data-of-560-million-ticketmaster-customers-for-sale-after-alleged-breach/"
	],
	"report_names": [
		"data-of-560-million-ticketmaster-customers-for-sale-after-alleged-breach"
	],
	"threat_actors": [
		{
			"id": "c071c8cd-f854-4bad-b28f-0c59346ec348",
			"created_at": "2023-11-08T02:00:07.132524Z",
			"updated_at": "2026-04-10T02:00:03.422366Z",
			"deleted_at": null,
			"main_name": "ShinyHunters",
			"aliases": [],
			"source_name": "MISPGALAXY:ShinyHunters",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "6f7f2ed5-f30d-4a99-ab2d-f596c1d413b2",
			"created_at": "2025-10-24T02:04:50.086223Z",
			"updated_at": "2026-04-10T02:00:03.770068Z",
			"deleted_at": null,
			"main_name": "GOLD CRYSTAL",
			"aliases": [
				"Scattered LAPSUS$ Hunters",
				"ShinyCorp",
				"ShinyHunters"
			],
			"source_name": "Secureworks:GOLD CRYSTAL",
			"tools": [],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "d8dff631-87b0-4320-8352-becff28dbcf1",
			"created_at": "2022-10-25T16:07:24.565038Z",
			"updated_at": "2026-04-10T02:00:05.034516Z",
			"deleted_at": null,
			"main_name": "ShinyHunters",
			"aliases": [],
			"source_name": "ETDA:ShinyHunters",
			"tools": [],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434742,
	"ts_updated_at": 1775792099,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/61b7a6354312853c018f4b17f948b9f145fff0c8.pdf",
		"text": "https://archive.orkl.eu/61b7a6354312853c018f4b17f948b9f145fff0c8.txt",
		"img": "https://archive.orkl.eu/61b7a6354312853c018f4b17f948b9f145fff0c8.jpg"
	}
}