Pierluigi Paganini July 05, 2024

The threat actor Sp1d3rHunters leaked valid Taylor Swift ’s ERAS Tour barcodes threatening to leak more data and blackmailing Ticketmaster.

A threat actor that goes online with the moniker Sp1d3rHunters leaked 170,000 valid barcodes for Taylor Swift’s ERAS Tour for free. The bar codes are valid for the upcoming concerts of Taylor Swift in Miami, New Orleans, and Indianapolis.

The threat actor demanded a $2 million ransom from Ticketmaster to avoid leaking 30 million more event barcodes and information on 680 million users.

The leaked barcodes are valid for upcoming concerts in Miami, New Orleans, and Indianapolis. Sp1d3rHunters plans to release tickets for other concerts and events of other celebrities, including tickets for P!nk and Sting concerts, and sports events (F1 Formula Racing, MLB, and NFL games).

Next week the threat actor will leak data associated with the events of another celebrity.

In May, ShinyHunters, the administrator of BreachForums, claimed the hack of Ticketmaster and offered for sale 1.3 TB of data, including full details of 560 million customers, for $500,000. Stolen data includes names, emails, addresses, phone numbers, ticket sales, and order details.

Ticketmaster owner Live Nation confirmed the data breach that compromised the data of 560 million customers.

The stolen data were offered for sale on the dark web a week later.

Threat actors had access to the database hosted on the infrastructure of the cloud storage and analytics company, Snowflake. The company discovered the intrusion on May 20, 2024, and immediately launched an investigation with industry-leading forensic investigators.

“On May 20, 2024, Live Nation Entertainment, Inc. (the “Company” or “we”) identified unauthorized activity within a third-party cloud database environment containing Company data (primarily from its Ticketmaster L.L.C. subsidiary) and launched an investigation with industry-leading forensic investigators to understand what happened.” reads the form 8-K filing to the US Securities and Exchange Commission.

“On May 27, 2024, a criminal threat actor offered what it alleged to be Company user data for sale via the dark web.”

“As of the date of this filing, the incident has not had, and we do not believe it is reasonably likely to have, a material impact on our overall business operations or on our financial condition or results of operations. We continue to evaluate the risks and our remediation efforts are ongoing.”

Snowflake said it had informed a “limited number of customers who we believe may have been impacted” by attacks “targeting some of our customers’ accounts.” However, Snowflake did not provide details about the cyberattack it has suffered.

The website cyberexpress.com correctly recommends fans to stay alert and follow official updates. Ticket holders should verify their tickets through Ticketmaster’s official processes to avoid fraud.6, 202

Update Saturday July 6, 2024: Ticketmaster has refuted claims that hackers have stolen valid ticket barcodes for Taylor Swift concerts and other events. The company assured that their SafeTix technology refreshes barcodes every few seconds, preventing theft or duplication. They also denied engaging in ransom negotiations with the threat actors.

“Ticketmaster’s SafeTix technology protects tickets by automatically refreshing a new and unique barcode every few seconds so it cannot be stolen or copied,” the spokesperson told The Record Media. “This is just one of many fraud protections we implement to keep tickets safe and secure.” 

Pierluigi Paganini

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

(SecurityAffairs – hacking, Taylor Swift)