Thoughts on the Alleged Ticketmaster Data Breach
Attention seeking cyber criminals getting what they want.
Alert not Alarmed
TLDR:
The Ticketmaster data breach claim has provided BreachForums with the quick attention they need to boost their user numbers and reputation. The claim has possibly been over-stated to boost attention. Hype it up! Firstly, regardless of the legitimacy of the data breach, Shinyhunters and BreachForums have achieved their goals --- They have caught the attention of the global media and generated hype to get users back to BreachForums after it was shutdown by LE weeks ago. While there is some new data in the shared evidence there is also old customer information, making it possibly this is a series of data jammed together.
Cross-Posted Claim.
Firstly, it looks like Shinyhunters has stolen the post about Ticketmaster from another user that has posted it to Exploit - or, Shinyhunters has shared the alleged data to both forums. But, this would undermine BreachForums as the go to option so it seems unlikely. The first image below is the post by Shinyhunters on BreachForums and the second image is a post on Exploit Forum from a user called 'Spiderman' You will note they are identical - making it questionable about the legitimacy of the hefty claim that it is 1.3tb of data. Both the posts share the same data evidence.
Reviewing the data.
I have taken a look at the data and some things worth noting: -- There are 54 email addresses in the currently shared data. -- None of the emails are linked to current dates, they are all from 2018 and older. -- The emails looks like a mix of UK and US linked email addresses. -- The new data from 2023/2024 looks like information related to ticket sale information and does not include any personal information.
Conclusion.
It is difficult to confirm or deny at this stage how legitimate this claim is, while it does look like there is some recent Ticketmaster data exposed it is not clear if the threat actors truly have over 560 million users of data. At this stage I would be cautious as there are some questionable aspects of this claim - keep Alert and not Alarmed. By fanning the flames of this claim you help promote BreachForums.