Ticketmaster hack: Customers told to sign up for security service

Ticketmaster customers in North America received emails warning them to take action after the company was hacked in May.

Emails were sent overnight to Canadian customers, urging them to “be vigilant and take steps to protect against identity theft and fraud.”

The company has not commented on the notification process — however, there have been reports of similar emails being sent to victims in the US and Mexico.

The personal data of 560 million Ticketmaster customers worldwide was stolen in the hack — and cybercriminals then tried to sell that information online.

Ticketmaster did not respond to a BBC question about why it took so long to warn customers of the risks they faced.

But in an email seen by the BBC, Ticketmaster said it had been unable to notify them earlier due to ongoing police investigations.

Previous news of the breach came from the hackers themselves, followed by a notification from Ticketmaster to its shareholders.

Ticketmaster confirmed that the hackers stole names and basic contact details, without specifying what types of information were obtained.

The hackers also stole encrypted credit card details, but the company did not respond to a BBC request for more information about how secure this encryption is.

According to an email seen by the BBC, the company is urging customers to monitor their online accounts, including bank statements, for any suspicious activity.

The company advises Canadian customers to sign up for identity monitoring services, which Ticketmaster pays for.

“Identity Monitor will search for your personal data on the dark web and provide you with alerts for one year from the date of registration if your personally identifiable information is found online,” the company said.

Ticketmaster suggests people be wary of any suspicious emails that appear to be from the company.

When a data breach occurs, it can sometimes lead to secondary hacks or fraud attempts by other criminals who use your details to trick you into sending them money or downloading malware.

However, this is rare, and there is little evidence that it occurs on a large scale.

The group responsible for the Ticketmaster hack is called ShinyHunters — and it posted an ad on a hacking forum on May 28 that exposed the data of 560 million customers.

The gang is demanding $500,000 (£390,000) for the data, and it is not yet clear whether they have sold this amount.

After days of investigation, it was revealed that hackers had stolen data from Ticketmaster by stealing login details from Snowflake, the company it uses for its cloud storage account.

It later emerged that more than 160 other Snowflake customers had been targeted in the same way — with massive amounts of private and corporate data stolen.

Santander Banking Group is one of the affected groups, with 30 million of its customers in Chile, Spain and Uruguay exposed to the hack.

Cybersecurity firm Mandiant, which investigated the attacks, says Snowflake’s system itself was not compromised.

Mandiant says ShinyHunters, or whatever hackers carried out the broader attacks, obtained login details directly from each client company.

Live Nation, the owner of Ticketmaster, had previously confirmed the hack in a notice to shareholders filed with the U.S. Securities and Exchange Commission.

The company acknowledged “unauthorized activity” in its database, but said the breach would not have a material impact on its business.

Ticketmaster did not respond to multiple requests for comment from reporters before and after the request was filed.