Ticketing giant Ticketmaster has confirmed it was part of a data breach, potentially affecting hundreds of millions of customers around the world.
The ABC News service reported - and as widely reported by other media outlets - in filing with the US Securities and Exchange Commission, Ticketmaster's parent company, Live Nation Entertainment, said it had "identified unauthorised activity within a third-party cloud database environment."
The ABC notes that the company said it first identified "unauthorised activity" on May 20, a week before notorious hacking group ShinyHunters posted about the breach on a dark web forum.
"We are working to mitigate risk to our users and the company, and have notified and are cooperating with law enforcement," it said.
{loadposition peter}
Ticketmaster added that the incident "has not had, and we do not believe it is reasonably likely to have, a material impact on our overall business operations or on our financial condition or results of operations."
On Wednesday it was reported by by the ABC that the personal details of 560 million Ticketmaster customers may have been leaked in a data breach claimed by ShinyHunters.
The Department of Home Affairs then confirmed with the ABC it was investigating a "cyber incident involving Ticketmaster".
This is the first time Ticketmaster has commented publicly on the breach.
The ABC report noted: "ShinyHunters, a well-known hacking group posted evidence on May 27 of the hack on the dark web, according to a screenshot shared widely on social media.
"The group demanded a ransom payment of $US500,000 ($750,000) describing it as a "one-time sale," according to the post.
"Ticketmaster, a California-based company, operates one of the largest online ticket sales platforms in the world.
"On Friday, rival company Ticketek Australia said the names of some of its customers, as well as their dates of birth and email addresses, may have been accessed in a data breach too.
"The company said it had secure encryption methods in place for customer passwords, and no customer accounts or payment details had been compromised in the cyber incident.
"There is no evidence the two potential incidents are related," the ABC concluded.
In a seperate comment on the Ticketmaster data breach, Javvad Malik, Security Awareness Advocate at KnowBe4 said that "while its not know exactly how many Australians are caught up in the Ticketmaster breach, experts reckon it could be around 2 million!"
Malik said the hackers from ShinyHunters "also allegedly leaked the data of nearly 200,000 Aussie Pizza Hut customers last year - and the government says they're working with Ticketmaster to understand the incident'.
“But experts worry that any leaked data could be used for phishing, or impersonation attacks down the track. In the meantime there are some things we can do to protect ourselves, like changing passwords regularly, not clicking on suspicious links, enable multi-factor authentication, and changing important details, like ID numbers, if you've been affected by a data breach," observed Malik.
Malik also notes that:
- In short: Ticketmaster has confirmed it was hacked and customer information was stolen days after Home Affairs said it was investigating an incident involving the company.
- In a filing with the US Securities and Exchange company it said it has identified "unauthorised activity within a third-party database environment".
- Ticketmaster said it is cooperating with law enforcement and working to mitigate risk to users.