Ticketmaster hack: Customers urged to sign up for security service

Ticketmaster customers in North America received emails warning them to take action after the company was hacked in May.

Emails were sent overnight to Canadian customers urging them to “be vigilant and take steps to protect yourself against identity theft and fraud.”

The company has not commented on the notification process – however, similar emails have reportedly been sent to victims in the United States and Mexico.

Personal data of 560 million Ticketmaster customers worldwide was stolen in the hack, with cybercriminals then attempting to sell the information online.

Ticketmaster did not respond to a BBC question about why it took so long to warn customers of the risks they faced.

But in an email seen by the BBC, Ticketmaster said it was unable to notify them earlier due to ongoing police investigations.

Previous information about the breach came from the hackers themselves, followed by a notice from Ticketmaster to its shareholders.

Ticketmaster confirmed that the hackers stole names and basic contact information, without specifying what types of information were obtained.

The hackers also stole encrypted credit card information, but the company did not respond to a BBC request for more information about how secure that encryption was.

According to the email seen by the BBC, the company is urging customers to monitor their online accounts, including bank statements, for suspicious activity.

The company advises Canadian customers to sign up for identity monitoring services, for which Ticketmaster pays.

“Identity Monitoring will scan the dark web for your personal data and provide you with alerts for 1 year from the date of registration if your personally identifiable information is found online,” the company said.

Ticketmaster suggests people be wary of any suspicious emails that appear to come from the company.

When a data breach occurs, it can sometimes lead to secondary hacking or fraud attempts by other criminals who use your data to trick you into sending them money or downloading malware.

However, this remains rare and there is little evidence that it occurs on a large scale.

The group responsible for the Ticketmaster hack is called ShinyHunters. It posted an announcement on a hacking forum on May 28 offering the data of 560 million customers.

The gang are demanding $500,000 (£390,000) for the data and it is not known whether they have sold the slice.

After several days of investigation, it was revealed that the hackers had retrieved data from Ticketmaster by stealing login credentials from Snowflake, the company it uses for its cloud storage account.

It later emerged that more than 160 other Snowflake customers had been similarly targeted, with massive amounts of private and corporate data stolen.

The banking group Santander is one of the groups affected: 30 million of its customers in Chile, Spain and Uruguay were hacked.

Cybersecurity firm Mandiant, which investigated the attacks, says Snowflake itself was not hacked.

Mandiant claims that ShinyHunters, or the hackers who carried out the larger attacks, obtained login information directly from each client company.

Ticketmaster owner Live Nation has so far only confirmed the hack through a shareholder notice filed with the U.S. Securities and Exchange Commission.

It acknowledged “unauthorized activity” on its database, but said the hack would have no material impact on its business.

Ticketmaster did not respond to multiple requests for comment from reporters before and since the lawsuit was filed.