Skip to content
Supply chainContained

Data leak at Ticketmaster

In 2024, ticketing giant Ticketmaster (Live Nation) suffered a breach of a third-party Snowflake cloud database; data on up to 560 million customers — names, contact details, order history and partial payment-card data — was stolen and offered for sale by ShinyHunters.

Victim
Ticketmaster
records
560.0M
SectorOther

On 28 April 2024, Ticketmaster — the world's largest ticketing platform, owned by Live Nation Entertainment — fell victim to one of the largest data breaches on record. Rather than a direct intrusion into Ticketmaster's own systems, attackers exfiltrated data from a third-party cloud data warehouse hosted on Snowflake, part of a wider campaign that also hit Santander and other Snowflake customers.

The threat actor group ShinyHunters accessed the Snowflake environment using credentials stolen by info-stealing malware, targeting accounts that lacked multi-factor authentication. Unauthorized activity took place roughly between early April and mid-May 2024; Live Nation identified the intrusion on 20 May 2024, and on 27 May the stolen database — around 1.3 TB — was advertised for sale on a cybercrime forum for about $500,000. Live Nation confirmed the incident in an SEC 8-K filing on 31 May 2024.

The data offered for sale reportedly covered up to 560 million customers and included:

  • First and last names
  • Email and postal addresses
  • Phone numbers
  • Transaction and order history
  • Partial payment-card data (last four digits and card expiry dates)

Live Nation stated the incident was not expected to have a material impact on its operations and worked with forensic investigators and authorities; Snowflake denied any vulnerability in its own platform, attributing the compromise to stolen customer credentials and missing MFA. The breach triggered class-action lawsuits and regulatory scrutiny across multiple jurisdictions.

Sources

  1. clubic.comhttps://www.clubic.com/actualite-528357-millions-de-clients-ticketmaster-pirates-le-geant-mondial-de-la-vente-de-billets-dans-la-tourmente.html
  2. securityaffairs.comhttps://securityaffairs.com/163999/data-breach/ticketmaster-confirms-data-breach.html
  3. therecord.mediahttps://therecord.media/live-nation-confirms-ticketmaster-breach-snowflake
  4. csoonline.comhttps://www.csoonline.com/article/2137755/live-nation-sec-filing-confirms-unauthorized-activity-in-wake-of-alleged-ticketmaster-hack.html

Related incidents

Supply chainContained

Leak at La Mine Bleue (via Vivaticket)

On 31 March 2026, French tourist attraction La Mine Bleue notified customers that their personal data — names, postal code/country, email and purchase history — was exposed in the ransomware breach of its ticketing provider Vivaticket; no banking data was affected.

Victim
La Mine Bleue
Supply chainOngoing

Leak at Musée des Arts et Métiers

Disclosed on 18 March 2026, the Musée des Arts et Métiers was caught up in the Vivaticket supply-chain ransomware breach, exposing online shop and ticketing customers' names, email addresses, account details and order history.

Victim
Musée des Arts et Métiers
Supply chainContained

Leak at Bibliothèque Nationale de France

A March 2026 ransomware attack on the Bibliothèque Nationale de France's third-party online ticketing provider exposed the names and email addresses of users who had booked cultural events; banking data, handled by a separate vendor, was not affected.

Victim
Bibliothèque Nationale de France