The IT Nerd

A group of threat actors named Sp1d3rHunters who are claiming to have hacked Ticketmaster are claiming to be about to leak over 30K tickets for events after claiming to have leaked 170K tickets for Taylor Swift’s concerts.

Rogier Fischer, CEO, Hadrian had this to say:

The statement of Sp1d3rHunters and actions like release of barcodes for high-profile events and the publication of a YouTube guide for using the tickets gives the impression of hacktivism.

However, the activities of the hacker group against Ticketmaster, including the leaking of print-at-home tickets and demanding a ransom, suggest this is more aligned with cyber extortion, Rogier Fischer, CEO of Netherlands-based cybersecurity service Hadrian pointed out.”Hacktivism typically involves hacking activities aimed at promoting political agendas or social change, often without a direct financial motive.

In this case, the primary goal of Sp1d3rHunters appears to be financial gain, as shown by their $2 million ransom demand,” he said”

Additionally, the broader context of Sp1d3rHunters’ actions, including their association with ShinyHunters and the compromise of 560 million Ticketmaster customers’ data, underscores a pattern of financially motivated cybercrime.”

According to him, automating and updating the regular defences in the cybersecurity arsenal such as multi-factor authentication (MFA), penetration testing, attack surface management, and employee training will help stave off most attempts like these.

“Developing and updating an incident response plan is paramount here, along with ensuring all sensitive data is encrypted both in transit and at rest,” he added.

Ticketmaster has a ton of issues right now, including this one that I am personally affected by. Ticketmaster really needs to get a handle on their issues, or else they’re going to really going to have a tough time existing.

Late yesterday, I got a data breach notification in my inbox. This isn’t the first time that this has happened and it won’t be the last time that this happens given how bad things are when it comes to company NOT protecting your personal information.

This data breach notification comes from Ticketmaster who recently got pwned in epic fashion. I haven’t dealt with Ticketmaster for years. In fact, the last time I dealt with them was 2016 when the Pet Shop Boys came to town. So on one hand, I was surprised to see that I was affected. But on the other hand I wasn’t as clearly Ticketmaster was holding on to my personal data since then. Which says a lot about their data handling practices. In any case, here’s the email that I got:

So I did sign up for their credit monitoring service. That seems to be a sensible thing to do. But at the same time I have to admit that my exposure to this is pretty limited. The credit cards that I would have used at the time has been replaced for example. So there should be no opportunity for fraud on that front. But the key word is SHOULD. I’ve learned over the years that threat actors will find ways to take information and use it to make your life miserable.

This situation has made me a lot more interested in this Ticketmaster situation as it isn’t just a news story anymore as it personally affects me. Thus I will be keeping a close eye on this going forward. And I will also be looking to see if Ticketmaster pays a price for this data leak. But honestly, they need to pay a price.