TechTicketmaster data breach: 1 million records released for free

Ticketmaster data breach: 1 million records released for free

The issue of unauthorized access to the data of hundreds of millions of Ticketmaster customers from last month has not been resolved and seems to be gaining momentum. The criminals decided to publish a million stolen records online for free to influence the attacked company.

A million records from a break-in leaked online
A million records from a break-in leaked online
Images source: © Pixabay
Oskar Ziomek

23 June 2024 11:34

Information about the access to Ticketmaster customers' data appeared at the beginning of June, although the incident occurred at the end of May. At that time, it was confirmed that 560 million customers' data had been unauthorized. However, there is now information online suggesting an even greater number—680 million.

At the beginning of June, the data was put up for sale online, and it was declared at that time that the records contained, among other things, information about customers' payment cards. As noted now by Malwarebytes Labs, a post by user Sp1d3r appeared on one of the online forums, stating that Ticketmaster did not respond to the proposal to buy back the data. In the attackers' interpretation, this means a lack of respect for the privacy of millions of users. Hence, the first million records were just released online for free.

As you can easily imagine, such a situation leads to the beginning of many phishing campaigns or other scams, with the victims being the people from the group of a million random Ticketmaster customers whose data was obtained earlier.

Users who have used the service and may, therefore, be within the group of those affected should follow basic safety guidelines to protect themselves from the consequences of the data leak, namely:

  • Check if the company from which the data was stolen has contacted them about this matter, for example, via email. The communication may contain valuable tips, including instructions on what to do for safety.
  • Change the password for their account (and also for other services if the same login data was used, which is generally not recommended).
  • Enable two-step authentication wherever possible. This way, even if the login and password fall into the hands of attackers, they cannot log into the victim's account without the second factor, such as a one-time SMS code.
  • Stay calm and analyze all communications that may come to them from now on, for example, emails, without emotions. Phishing takes various forms, and the common feature is manipulation, using authentic data (obtained at the time of the leak), and exerting time pressure in cases that are only made up for the attack.
© Daily Wrap
·

Downloading, reproduction, storage, or any other use of content available on this website—regardless of its nature and form of expression (in particular, but not limited to verbal, verbal-musical, musical, audiovisual, audio, textual, graphic, and the data and information contained therein, databases and the data contained therein) and its form (e.g., literary, journalistic, scientific, cartographic, computer programs, visual arts, photographic)—requires prior and explicit consent from Wirtualna Polska Media Spółka Akcyjna, headquartered in Warsaw, the owner of this website, regardless of the method of exploration and the technique used (manual or automated, including the use of machine learning or artificial intelligence programs). The above restriction does not apply solely to facilitate their search by internet search engines and uses within contractual relations or permitted use as specified by applicable law.Detailed information regarding this notice can be found  here.