Photo courtesy of Paolo Villanueva.
Last week, a group of hackers reportedly released over 440,000 tickets to Taylor Swift’s Era’s Tour on the dark web. The hacking group called ShinyHunters published the barcode and ticket data on hacking forum, saying, “To celebrate the 4th of July we present to you 440k Taylor Swift Eras game tickets, and instead of her tour she’s performing in front of congress.”
The group claims it has accessed over 193 million ticket barcodes, which include nearly 500,000 ticket barcode’s for Taylor Swift’s Era’s Tour. They claim these barcodes are valued at approximately $22 billion, and they are demanding a ransom of $8 million from ticketing platform Ticketmaster and its parent company Live Nation.
This barcode leak comes after a reported cyberattack on Ticketmaster earlier this year, which Ticketmaster confirmed this month when it began contacting users to alert them to the data breach.
The ShinyHunters group claims their hack includes:
- 980 million sales orders
- 680 million orders detail
- 1.2 billion party lookup records
- 440 million unique email addresses
- 4 million uncased and deduped records
- 560 million AVS (Address Verification System) detail records
- 400 million encrypted credit card details with partial information
This was not the first Ticketmaster barcode leak
Though the figures provided by ShinyHunters have not been verified, the barcodes and ticket information leaked online appear to be genuine, and the leak follows a prior leak of over 30,000 tickets to various artists’ shows earlier this year.
The initial release included an initial demand of $2 million in ransom from Ticketmaster, with the group saying: “You now have to reset 30K more tickets… Pay us $2m or we will leak the mail and e-ticket barcodes for all your events.”
Those 30,000 ticket barcodes leaked include many different artists’ upcoming tours: P!nk’s “Summer Carnival,” Alanis Morissette’s “The Triple Moon tour,” Usher’s “Past Present Future Tour,” Neil Young and Crazy Horse’s “Love Earth Tour,” Bruce Springsteen and The E Street Bands’ 2024 Tour, Aerosmith’s “Peace Out Farewell Tour,” and Red Hot Chili Peppers’ “Unlimited Love Tour.” The leak also included upcoming Stevie Nicks, Pearl Jam, Steve Miller Band, and Sammy Hagar shows.
The data leaked is not limited to the ticket barcodes alone. Hackerleak found that the leaked data also included event information like the event ID, show start time, and show venue details including seating information.
The hackers also shared a tutorial showing readers how to make printable tickets using the leaked data. Their step-by-step guide included a Youtube video and detailed information on TicketFast artwork guidelines and Ticketmaster’s printing guidelines.
So far, Ticketmaster has denied offering to fulfill the hackers’ ransom. Ticketmaster has also stated that its ticketing technology prevented such leaked barcodes from being used as tickets by refreshing barcodes every few seconds. Data experts claim the leaked barcodes will not be functional for anyone trying to gain unauthorized entrance to the Era’s Tour, since entrance requires dynamic barcodes.
What’s next?
The breach has far-reaching implications for both Taylor Swift fans and Ticketmaster customers. The exposed personal data from this cyberattack opens the door for identity theft, phishing attacks, and other forms of fraud. Ticketmaster has recommended that affected users monitor their accounts for suspicious activity. A class action lawsuit has already been filed against Ticketmaster and parent company Live Nation Entertainment on behalf of the millions of consumers affected by the leak.
As cyberattacks grow increasingly sophisticated, it is more important than ever to employ cybersecure practices across your professional and personal digital accounts. If you’re looking to build cybersecurity into your business, contact us to learn more about 2b1 Care, our leading suite of cybersecurity tools.