Ticketmaster hack: Customers asked to register with security service

Ticketmaster customers in North America have received emails urging them to take action after the company was hacked in May.

Overnight, emails were sent to Canadian customers urging them to “be vigilant and take steps to protect against identity theft and fraud.”

The company has not commented on the notification process, but similar emails have reportedly been sent to victims in the United States and Mexico.

The hack resulted in the personal data of 560 million Ticketmaster customers worldwide being stolen – cybercriminals then attempted to sell this information online.

When asked by the BBC why it took so long to warn customers about the risks they faced, Ticketmaster did not respond.

However, in an email seen by the BBC, Ticketmaster said that due to ongoing police investigations, it had not been possible to notify the event organizer earlier.

The first news of the data theft came from the hackers themselves, followed by a message from Ticketmaster to its shareholders.

Ticketmaster confirmed that hackers had stolen names and basic contact information, but did not specify what type of information was stolen.

Hackers also stole encrypted credit card data, but the company did not respond to a BBC request for further information on the security of this encryption.

The email, seen by the BBC, shows that the company is urging its customers to monitor their online accounts, including bank statements, for suspicious activity.

The company recommends that Canadian customers sign up for identity verification services sponsored by Ticketmaster.

“Identity Monitoring looks for your personal information on the dark web and notifies you if your personal information is found online for one year from the date of sign-up,” the company explained.

Ticketmaster recommends being alert to suspicious-looking emails that appear to come from the company.

When a data breach occurs, it can sometimes lead to further hacking or scam attempts by other criminals who will use your information to trick you into sending them money or downloading malware.

However, this is rare and there is little evidence that it happens on a large scale.

The group responsible for the Ticketmaster hack is called ShinyHunters – they posted an ad on a hacker forum on May 28 offering the data of 560 million customers.

The gang is demanding $500,000 (£390,000) for the data and it is unclear whether they have already sold the tranche.

After days of investigation, it emerged that the hackers had obtained Ticketmaster data by stealing login credentials from Snowflake, the company Ticketmaster uses for its cloud storage account.

It subsequently emerged that over 160 other Snowflake customers had been attacked in the same way – with large amounts of private and business data stolen.

The Santander banking group is also among those affected – 30 million of its customers in Chile, Spain and Uruguay were hacked.

Cybersecurity firm Mandiant, which investigated the attacks, says Snowflake itself was not attacked.

Mandiant says ShinyHunters or whichever hackers carried out the broader attacks obtained the credentials of each client company directly.

Ticketmaster owner Live Nation had previously only confirmed the hacker attack in a statement to shareholders of the US Securities and Exchange Commission (SEC).

While the company acknowledged “unauthorized activity” in its database, it said the hack would not have a significant impact on its business.

Ticketmaster did not respond to multiple requests for comment from journalists before and since the filing.