Ticketmaster Hack: No Evidence That User Data Was Stolen as Live Nation Acknowledges Breach

Earlier this week, hackers on a “dark web” site claimed to have stolen data from hundreds of millions of Ticketmaster user accounts — but a source with knowledge of the investigation into the attack says there is no evidence that Ticketmaster fan accounts were compromised or that private user data was stolen.

Officials at Ticketmaster’s parent company, Live Nation, acknowledged a breach Friday (May 31) in a Securities and Exchange Commission (SEC) filing, noting it had identified “unauthorized activity within a third-party cloud database environment containing Company data (primarily from its Ticketmaster L.L.C. subsidiary) and launched an investigation with industry-leading forensic investigators to understand what happened.”

The statement noted that the company was “cooperating with law enforcement” and that “as of the date of this filing, the incident has not had, and we do not believe it is reasonably likely to have, a material impact on our overall business operations or on our financial condition or results of operations.”

According to the source, federal authorities are currently working to understand how a “dark web” site seized by the federal government was recaptured on Monday (May 27) by hackers with the group ShinyHunters and used to ransom 1.3 terabytes of private data allegedly stolen from Ticketmaster for $500,000. Investigators aren’t sure what, if any, Ticketmaster files are being held in the 1.3 terabyte file, the source adds.

The hack, the source tells Billboard, did not involve a breach of the core Ticketmaster system. Rather, company officials are looking at cloud hosting service Snowflake as a possible site of the hack. A hacker claiming to be involved in the attack told the website Bleeping Computer that they had breached Santander Bank and Ticketmaster after hacking into an employee’s account at Snowflake, which provides cloud hosting services for major companies. According to that report, Snowflake is disputing the claim. Billboard independently confirmed that Ticketmaster uses Snowflake’s cloud hosting service.

When reached for comment, Live Nation directed Billboard back to the SEC filing. Snowflake did not respond to a request for comment by press time.

Australian ticketing firm Ticketek also reported Friday that it had fallen victim to hackers, notifying customers that the names of some of its users, as well as their dates of birth and email addresses, may have been accessed in a data breach. In a statement on its site, Ticketet said the user information had been stored in a cloud-based platform hosted by a “reputable, global third-party supplier”.

“Ticketek has secure encryption methods in place for all passwords and no Ticketek customer account has been compromised,” company officials said in a statement. “Additionally, Ticketek utilises secure encryption methods for online payments and uses a separate system to process online payments, which has not been impacted. Ticketek does not hold identity documents for its customers.”