Ticketmaster tickets for Taylor Swift concerts and more leaked

The extortion campaign against Ticketmaster continues with the alleged leak of print-at-home tickets for 150 upcoming events. These tickets were leaked by an individual using the pseudonym Sp1d3rHunters, who is selling data stolen in recent Snowflake account thefts. The concerts referenced in this leak include tickets for Pearl Jam, Tate McCrae, Phish, and Foo Fighters. The malicious actors behind it demanded a ransom of $500,000 to prevent the tickets from being leaked or sold to other threat actors.

At the same time, Sp1d3rHunters has leaked 166,000 Taylor Swift ticket barcodes and demanded a ransom of $2 million. If the extortion demand is not met, Sp1d3rHunters threatens to leak the barcodes of all events by mail and on e-tickets.

“Ticketmaster’s ongoing extortion campaign, which allegedly leaked over 30,000 print-at-home tickets, highlights a critical cybersecurity issue,” said Toby Lewis, Global Head of Threat Analysis at Darktrace. “Unlike typical data breaches, stolen ticket barcodes can be monetized immediately and can cause significant disruption to events if duplicates are used.”

Ticketmaster claims the leaked data is worthless because barcodes are updated regularly to prevent fraud.

“This breach presents a unique challenge for Ticketmaster. While they claim to be able to easily revoke digital tickets without most users noticing, the situation is far more complex with printed barcodes,” says Lewis. “If the attackers do indeed have access to physical ticket data as they claim, any attempts to remediate this will be clearly visible to end users and potentially disruptive to events.”

Anyone who has purchased tickets through Ticketmaster is encouraged to be careful about their security and personal information.

Lewis advises: “Customers should follow official instructions from Ticketmaster, change their passwords and pay attention to notices regarding ticket validity. Ticket holders may be subject to additional verification measures at events.”

“This incident underscores the need for robust cybersecurity strategies, especially for organizations that handle immediately valuable data. It shows how cyberattacks can have immediate, real-world consequences that go beyond privacy concerns.”