ShinyHunters Reveals Taylor Swift Eras 440K Tour Ticket Details

By /

Hacker group ShinyHunters claims the Ticketmaster breach is much larger than previously anticipated, stealing 193 million barcodes, including 440,000 Taylor Swift tickets. Valued at $22 billion, they now demand $8 million from LiveNation!

In May 2024, the infamous group of hackers ShinyHunters Breached Ticketmaster – LiveNation, as we know it. However, the hackers have now released new details about the extent of their breach. These details have been published on the notorious cyber crime and hacker platform Infringement Forums titled “Ticketmaster event barcodes ‘Taylor Swift’ pt 1/65000.”

ShinyHunters on Hacking Forums (Screenshot: Hackread.com)

Violation detected

ShinyHunters marked the Fourth of July with a disturbing announcement: they claim to have stolen 440,000 tickets to Taylor Swift’s Eras Tour. In a symbolic twist, they suggest that instead of Swift performing on her tour, she will “perform in front of Congress,” indicating the severity of this offense and the public exposure.

Shocking numbers

The hackers provide an extensive overview of their hack:

  • Total Exfiltrated Barcodes: 193 million
  • Total value of tickets stolen (TKT_FACE_VAL_AMT): $22,695,713,141.00 USD

A change in negotiations

According to ShinyHunters, the hackers initially accepted a rush offer of $1 million from LiveNation to keep the breach a secret. However, realizing the true value of the data they possess, they have escalated their demand to $8 million. They justify this increase by pointing out that they have found ways to make the breach more costly and complicated for the affected company.

Extended scope

In addition to Taylor Swift tickets, ShinyHunters claims to have:

  • 30 million tickets for 65,000 events: Similar to Swift tickets, worth $4,665,615,212.00

Data at risk

The hackers have detailed the broad nature of the stolen data, which includes:

  • 980 million sales orders
  • Details of 680 million orders
  • 1.2 billion party search data
  • 440 million unique email addresses
  • 4 million illegal and fraudulent registrations
  • 560 million AVS (Address Verification System) details data
  • 400 million encrypted credit card details with partial information

They boast that this breach is the largest publicly disclosed breach of personally identifiable customer information (PII) to date.

ShinyHunters Escalate Ticketmaster Breach; 440,000 Taylor Swift Eras Tour Tickets Flow
Screenshot from the leaked file (Screenshot: Hackread.com)

Disclosure:

Hackread.com believes in transparency; therefore, we are publicly disclosing that we used ChatGPT-4o to analyze the leaked data due to its complexity. Here’s the breakdown and conclusion:

The leaked data contains detailed information about ticket sales for Taylor Swift's Eras Tour event, specifically for a concert at Lucas Oil Stadium in Indianapolis, Indiana. Here is a breakdown of the key data fields present in the leak:
Event Details:
EVENT_ID_SRC_SYS_CD: Source system code for the event.
EVENT_START: Date and time of the event.
EVENT_KEY: Unique identifier for the event.
EVENT_HEX: Hexadecimal representation of the event ID.
EVENT_ID: Numeric ID of the event.
EVENT_NAME: Name of the event (Taylor Swift | The Eras Tour).
EVENT_TIMEZONE: Timezone of the event.
EVENT_MULTIPLEDAYS: Indicator if the event spans multiple days.
EVENT_VENUE_NAME: Venue name.
EVENT_VENUE_COUNTRY: Country where the event is located.
EVENT_VENUE_STATE: State where the event is located.
EVENT_VENUE_CITY: City where the event is located.
EVENT_VENUE_POSTCODE: Postcode of the event venue.
EVENT_VENUE_ADDR1: Address line 1 of the venue.
EVENT_VENUE_ADDR2: Address line 2 of the venue (if applicable).
EVENT_VENUE_LONG: Longitude of the event venue.
EVENT_VENUE_LAT: Latitude of the event venue.
Ticket Details:
SALES_ORD_ID: Sales order ID.
SALES_ORD_TRAN_ID: Transaction ID related to the sales order.
BASE_TKT_TYPE_CD: Base ticket type code.
EXTENDED_TKT_TYPE_CD: Extended ticket type code.
TKT_BARCODE_VAL: Barcode value for the ticket.
SECT_NAME: Section name where the seat is located.
ROW_NUM: Row number of the seat.
SEAT_NUM: Seat number.
XNUM_CD: Additional numerical code related to the seat.
VEN_ID: Venue ID.
HOST_SYS_CD: Host system code.
HOST_VAX_ACCT_NUM: Host VAX account number.
HOST_ACCT_CREATE_DT: Date when the host account was created.
TKT_FACE_VAL_AMT: Face value amount of the ticket.
TRAN_VOID_FLG: Indicator if the transaction was voided.
TRAN_VOID_DT: Date when the transaction was voided (if applicable).
CPN_CAT_ID: Coupon category ID.
CPN_PWD_PRIM_VAL: Primary value of the coupon password.
QUALIFIER_NAME1/2/3: Qualifier names.
QUALIFIER_COMBO_ID: Qualifier combo ID.
EVENT_VENUE_KEY: Venue key.
Potential Uses of the Data

The barcode values (TKT_BARCODE_VAL) and seat details (section, row, seat numbers) can be used to create counterfeit tickets or resell tickets fraudulently.
Identity Theft and Financial Fraud:
The data includes host account creation dates and VAX account numbers, which could be leveraged to identify and exploit user accounts.
Phishing and Social Engineering Attacks:
With detailed personal information, attackers can craft convincing phishing emails or social engineering attacks targeting ticket buyers.
Market Analysis and Competitor Intelligence:
Competitors can analyze the pricing (TKT_FACE_VAL_AMT), seating arrangements, and sales data to understand Ticketmaster's market strategies.
Reputation Damage:
Public disclosure of this data can significantly harm Ticketmaster's reputation, causing loss of customer trust and future business.
The exposure of personally identifiable information (PII) might result in substantial fines from regulatory bodies and legal actions from affected customers.
Conclusion
The leaked data is highly sensitive and can be exploited in numerous malicious ways, from direct financial fraud to broader market implications and significant reputational damage for Ticketmaster. Immediate steps to mitigate these risks and protect affected customers are crucial.

UPDATE July 5, 2024

A Hack Forum user using the alias “Sp1d3rHunters”, believed to be part of the ShinyHunters group (although this remains unconfirmed), has published another list that claims to have extracted 170,000 barcodes of Taylor Swift ERAS Tour events. Sp1d3rHunters is asking for a $2 million reward for this data.

The leak, according to the hacker, includes ticket data for events in Miami, New Orleans and Indianapolis. Here’s the breakdown:

  • taylor swift – October 18, 2024, Miami – 20,000 tickets
  • taylor swift – October 19, 2024, Miami – 20,000 tickets
  • taylor swift – October 20, 2024, Miami – 23,000 tickets
  • taylor swift – October 26, 2024, New Orleans – 16,000 tickets
  • taylor swift – October 27, 2024, New Orleans – 16,000 tickets
  • taylor swift – October 28, 2024, New Orleans – 18 thousand tickets
  • taylor swift – November 01, 2024, Indianapolis – 18,000 tickets
  • taylor swift – November 02, 2024, Indianapolis – 17,000 tickets
  • taylor swift – November 03, 2024, Indianapolis – 18,000 tickets
Ticket Breach: ShinyHunters Leak 440,000 Taylor Swift Eras Tour Tickets
Sp1d3rHunters on Hacking Forums (Screenshot: Hackread.com)

The ticket boss is broken by 2 parties?

It is worth noting that Sp1d3rHunters is the same hacker who, on June 20, 2024, discovered 1 million Ticketmaster user records out of the original 650 million records originally stolen by threat actors.

If Sp1d3rHunters is indeed part of the ShinyHunters group, it is unclear why the group is making two separate ransom demands, with one member asking for $2 million and another asking for $8 million.

In the worst case scenario, Ticketmaster was breached by two different groups, and now its data is being held for ransom by two separate parties, or is it a case of hackers getting greedy and trying to make as much money as possible from one. violation?

Implications for Ticketmaster and Customers

This breach may have serious consequences for Ticketmaster and its customers:

  1. Financial loss: The face value of stolen tickets alone runs into billions of dollars. Additionally, the potential costs of managing the breach, compensating affected customers and potential fines could be astronomical.
  2. Damage to reputation: Such a high-profile breach could severely damage Ticketmaster’s reputation, leading to loss of customer trust and future business.
  3. Customer influence: Stolen data includes highly sensitive information, such as encrypted credit card details and personal email addresses, putting millions of customers at risk of identity theft and financial fraud.
  4. Increased security measures: This breach highlights the need for increased security measures within the company to prevent future incidents.

The Ticketmaster breach by ShinyHunters continues to demonstrate the cybersecurity threat posed by cybercriminals. Although The ticket manager previously admitted the offence, as the situation develops, it will be necessary for Ticketmaster to address the breach transparently, improve its security protocols and work towards restoring customer trust. In the meantime, customers should remain vigilant and monitor their accounts for any suspicious activity.

For more updates on this developing story, stay tuned!

  1. BreachForums returns under ShinyHunters hacks
  2. Suspected member of hacker group ShinyHunters arrested
  3. TEG ticket seller breach: 30 million user registrations for sale
  4. ShinyHunters extract 33 million Twilio Authy phone numbers
  5. ShinyHunters Hacks Santander Bank: 30 Million User Data For Sale
  6. ShinyHunters reveals database of Indian wedding site WedMeGood
  7. AT&T Infringes on ShinyHunters by Selling AT&T Database of 70 Million SSNs

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top