Entertainment giant Live Nation has confirmed its ticketing subsidiary Ticketmaster has been hacked.

Live Nation confirmed the data breach in a filing with government regulators late on Friday after the markets closed.

In its statement, Live Nation said it “identified unauthorized activity within a third-party cloud database environment containing Company data.” 

The company did not name the third-party cloud database. Amazon Web Services hosts much of Live Nation and Ticketmaster’s infrastructure, according to a since-removed customer case study on Amazon’s website.

Live Nation said the breach occurred on May 20, and that a cybercriminal on May 27 “offered what it alleged to be Company user data for sale via the dark web.” The company did not say who the personal information belongs to, though it’s believed to relate to customers.

A spokesperson for Live Nation did not immediately return a request for comment Friday from TechCrunch or over the past few days. It’s not clear why it took the company more than a week to publicly disclose the breach.

Earlier this week, the administrator of a since-revived popular cybercrime forum called BreachForums claimed to be selling the personal information of 560 million customers, including the alleged personal information of Ticketmaster customers, along with ticket sales and customer card information.

Until now, Live Nation had not commented on the alleged data breach. Earlier this week, Australian authorities confirmed it was assisting Live Nation with a cybersecurity incident, and U.S. cybersecurity agency CISA deferred comment to Live Nation.

TechCrunch on Friday obtained a portion of the allegedly stolen data containing thousands of records, including email addresses. This included several internal Ticketmaster email addresses used for testing, which are not public but found in the dataset, appear as real Ticketmaster accounts. Through our checks, TechCrunch verified on Friday that the records we checked belong to Ticketmaster customers. 

TechCrunch checked the validity of these accounts by running the internal email addresses through Ticketmaster’s sign-up form. All of the accounts came back as real. (Ticketmaster displays an error if someone enters an email address that is already a real Ticketmaster account.)

Earlier in May, the Department of Justice and 30 attorneys general sued Live Nation to break up the ticketing conglomerate, accusing Live Nation of monopolistic practices.


Do you know more about the Live Nation TicketMaster breach? Get in touch. To contact this reporter, get in touch on Signal and WhatsApp at +1 646-755-8849, or by email. You can also send files and documents via SecureDrop.



Source link

By admin

Malcare WordPress Security