Ticketmaster hacker group claims to have access to millions of Taylor Swift tickets

The hacking group ShinyHunters, allegedly behind the Ticketmaster data breach, has claimed to have access to billions of dollars worth of tickets, including around 440,000 for Taylor Swift concerts. This information comes from a post on “the notorious cybercrime and hacking platform” Breach Forums, according to a report on HackRead.com.

If confirmed, the account access achieved through the hack is significantly lower than what Ticketmaster told consumers during the hack, which occurred between April and May and was discovered in late May.

“To celebrate the 4th of July, we’re giving you 440,000 tickets to the Taylor Swift Eras games and instead of her tour, she’s performing in front of Congress,” reads a forum post by ShinyHunters on Thursday, according to a screenshot shared by HackRead.

According to the post, the group claims to have access to a total of 193 million barcodes, including nearly half a million for upcoming Taylor Swift Eras Tour concerts. The total value they assign to the barcode details is $22 billion, which is the “face value” of the tickets. As a result, Ticketmaster/Live Nation’s ransom demand has been increased from $1 million to $8 million, or the data could be sold to the highest bidder.

The stolen data reportedly includes

• 980 million sales orders
• 680 million orders in detail
• 1.2 billion party search records
• 440 million unique email addresses
• 4 million unpacked and deduplicated records
• 560 million AVS (Address Verification System) detail records
• 400 million encrypted credit card details with partial information

It is worth noting that this information is not confirmed as accurate, although previous information from the ShinyHunters group has been confirmed in this incident. It is true that the order information available in user accounts in the Ticketmaster system contains barcodes for tickets stored in that account. However, it is unclear whether such deep access to individual accounts was possible in this data security incident.

Ticket News reached out to Ticketmaster and its parent company Live Nation early Friday for comment on this latest report, but we have not yet received a response.

Just last week, Ticketmaster began contacting users who were allegedly affected by the hacker attack.

“Ticketmaster recently discovered that an unauthorized third party obtained information from a cloud database hosted by a third-party data services provider,” the email sent to affected consumers said. “Based on our investigation, we determined that the unauthorized activity occurred between April 2, 2024 and May 18, 2024. On May 23, 2024, we determined that some of your personal information may have been affected by the incident. Since we began our investigation, we have not identified any additional unauthorized activity in the cloud database.”

The notification does not suggest that users should be concerned about ongoing account security issues or take any security measures. On the contrary, “Your Ticketmaster account remains secure,” says bold text on Ticketmaster’s data security incident page on the website. “Customers can do business with Ticketmaster as usual, without any issues.”

“Our comprehensive investigation – together with leading cybersecurity experts and relevant authorities – has shown that there was no further unauthorized activity.”

Consumers who received notification that their accounts were involved in the incident were offered a free year of credit monitoring, but were otherwise instructed to continue as they were. We have not seen any reports of consumers saying that tickets have disappeared from their accounts or anything similar related to this incident.

We will update this story with more information as it becomes available.