Hackers leak alleged Taylor Swift tickets and step up Ticketmaster blackmail

Hackers have reportedly leaked Ticketmaster barcode data for 166,000 tickets to the Taylor Swift Eras tour and are warning that more events will be leaked if a $2 million extortion demand is not paid.

In May, a known threat actor called ShinyHunters began selling data from 560 million Ticketmaster customers for $500,000.

Ticketmaster later confirmed the data breach and ultimately stated that the incident was traced back to Ticketmaster’s account with Snowflake. Snowflake is a cloud-based data warehousing company used by the company to store databases, process data, and perform analytics.

In April, threat actors began downloading Snowflake databases from at least 165 organizations using credentials stolen with information-stealing malware.

The threat actors then extorted the companies and demanded payment to prevent the data from being shared or sold to other threat actors. Companies confirmed to have had data stolen from their Snowflake accounts include Neiman Marcus, Los Angeles Unified School District, Advance Auto Parts, Pure Storage, and Satander.

Taylor Swift tickets leaked

Today, a threat actor named Sp1d3rHunters allegedly leaked ticket data from 166,000 Taylor Swift Eras Tour barcodes used to gain entry to various concert dates.

Sp1d3rHunters, formerly Sp1d3r, is the threat actor behind selling data stolen from Snowflake accounts and publicly extorting payments from the various companies.

“Pay us $2 million or we will reveal all 680 million of your users’ information and 30 million more event barcodes, including: more events from Taylor Swift, P!nk, Sting, Formula 1, MLB, NFL sporting events, and thousands more events,” reads the extortion note, first shared by threat intelligence service HackManac.

The post claims that the barcode data belongs to upcoming Taylor Swift concerts in Miami, New Orleans and Indianapolis.

The post contains a small sample of the alleged barcode data, which includes the value to create a scannable barcode, seating information, the face value of the tickets, and other information. The threat actor also shared details on how to convert this data into a scannable barcode.

While the barcode data was not part of the first leak of stolen Ticketmaster data samples that threat actors released in May, some of the newly leaked data can be found in the older leaks, including the hashed credit card and retail order information for the tickets.

The group behind these attacks is ShinyHunters, which has been responsible for many data breaches over the years, including the leak of 386 million user records from 18 companies in 2020, an AT&T data breach that affected 70 million customers, and most recently the leak of 33 million phone numbers used with the multi-factor authentication app Authy.

BleepingComputer has contacted Ticketmaster to confirm if these are valid ticket dates and if the tickets will be reissued, but has not yet received a response.