Live Nation Entertainment [1] [7] [8], the parent company of Ticketmaster [6] [7] [9] [12], confirmed a data breach on May 20 involving unauthorized activity in a third-party cloud environment [9].


The breach, attributed to the hacker group ShinyHunters, exposed personal information on over 560 million Ticketmaster customers [4] [7], including names [7] [8] [10] [11] [12], credit card numbers [7], emails [1] [4] [7] [8] [9] [10] [11] [12], home addresses [3] [7] [11] [12], and phone numbers [3] [7] [11] [12]. The stolen data [3] [4] [6] [7] [10] [12], hosted on Snowflake [3] [4] [10], a Boston-based cloud storage and analytics company [4], is being offered for sale for $500,000 on the dark web. It is unclear how the data was exfiltrated from Snowflake [4]. Despite the breach [4], Live Nation stated that it has not had a material effect on their operations or finances and is actively working to mitigate risks [7]. Live Nation and Snowflake are cooperating with law enforcement to address the breach. ShinyHunters [1] [2] [3] [5] [6] [7] [8] [9] [10] [11] [12], known for selling hacked data and ransom threats, claimed responsibility for the breach and are seeking payment for the stolen information. TechCrunch verified the stolen data [4], including internal Ticketmaster email addresses [4], as belonging to real accounts [4]. The criminal threat actor offered to sell the compromised data on the dark web for $500,000 [5], consisting of a 1.3TB database of customer information. Live Nation is collaborating with law enforcement officials to manage the situation effectively. The Department of Home Affairs is also investigating the cyber incident [1], which affected potentially hundreds of millions of Ticketmaster customers worldwide [1]. Ticketek Australia reported a separate data breach involving customer names [1], dates of birth [1], and email addresses [1] [4] [10], with no compromise of payment details [1]. There is no evidence linking the two incidents [1]. The breach may have originated from attacks on the cloud storage accounts with Snowflake [2], with the hacker gaining access to Ticketmaster and Santander Bank by using stolen credentials from a Snowflake employee [2]. The hacker bypassed Okta authentication and obtained a trove of information from Snowflake [2], potentially affecting hundreds of other customers [2]. The intrusion was detected amidst a civil antitrust lawsuit against Live Nation and Ticketmaster for monopolization and unlawful conduct in the live entertainment industry [8].


The breach has significant implications for the affected customers and the companies involved. Live Nation’s efforts to mitigate risks and collaborate with law enforcement are crucial in addressing the breach. The incident highlights the importance of cybersecurity measures and the need for enhanced protection of customer data in cloud environments.