Data leak at Ticketmaster
In 2024, ticketing giant Ticketmaster (Live Nation) suffered a breach of a third-party Snowflake cloud database; data on up to 560 million customers — names, contact details, order history and partial payment-card data — was stolen and offered for sale by ShinyHunters.
- Victim
- Ticketmaster
- records
- 560.0M
On 28 April 2024, Ticketmaster — the world's largest ticketing platform, owned by Live Nation Entertainment — fell victim to one of the largest data breaches on record. Rather than a direct intrusion into Ticketmaster's own systems, attackers exfiltrated data from a third-party cloud data warehouse hosted on Snowflake, part of a wider campaign that also hit Santander and other Snowflake customers.
The threat actor group ShinyHunters accessed the Snowflake environment using credentials stolen by info-stealing malware, targeting accounts that lacked multi-factor authentication. Unauthorized activity took place roughly between early April and mid-May 2024; Live Nation identified the intrusion on 20 May 2024, and on 27 May the stolen database — around 1.3 TB — was advertised for sale on a cybercrime forum for about $500,000. Live Nation confirmed the incident in an SEC 8-K filing on 31 May 2024.
The data offered for sale reportedly covered up to 560 million customers and included:
- First and last names
- Email and postal addresses
- Phone numbers
- Transaction and order history
- Partial payment-card data (last four digits and card expiry dates)
Live Nation stated the incident was not expected to have a material impact on its operations and worked with forensic investigators and authorities; Snowflake denied any vulnerability in its own platform, attributing the compromise to stolen customer credentials and missing MFA. The breach triggered class-action lawsuits and regulatory scrutiny across multiple jurisdictions.
Sources
- clubic.comhttps://www.clubic.com/actualite-528357-millions-de-clients-ticketmaster-pirates-le-geant-mondial-de-la-vente-de-billets-dans-la-tourmente.html
- securityaffairs.comhttps://securityaffairs.com/163999/data-breach/ticketmaster-confirms-data-breach.html
- therecord.mediahttps://therecord.media/live-nation-confirms-ticketmaster-breach-snowflake
- csoonline.comhttps://www.csoonline.com/article/2137755/live-nation-sec-filing-confirms-unauthorized-activity-in-wake-of-alleged-ticketmaster-hack.html