Understanding the TicketMaster Data Breach and How to Mitigate Risks
The TicketMaster Breach
TicketMaster, a subsidiary of Live Nation, recently suffered a significant data breach. On May 20, the company noticed unauthorized activity within a database that contained company data. By May 27, a criminal threat actor offered to sell what it alleged to be TicketMaster data on the dark web with approximately 560 millions records of personal database.
The hacking group named ShinyHunters claimed responsibility for the cyber-attack. They reportedly stated they were seeking $500,000 for the 1.3TB database of compromised customer data, which they claim includes names, addresses, phone numbers, and credit card details of the 560 million users.
LiveNation reported the breach in a regulatory filing, but did not confirm the number of customer affected, nor did they confirm (or deny), that the hacking group named ShinyHunters were the culprits.
The Risks
The risks associated with this breach are significant to every TicketMaster.com user. If your personal information was exposed in this breach (and if you use the website, then your details are likely breached), the breached company (LIveNation/TicketMaster) is likely to notify you. However, data breaches are not always detected immediately, so by the time you receive a notice, your information may have been available to criminals for some time. In this case, we know that data purporting to be from this very breach is already available for sale.
The risk multiplies hoever, if you’ve reused your password across multiple sites. If an attacker successfully targets your email service provider and gets your password, no matter how strong it is, the attacker can subsequently gain access to all accounts set up on that email.
Action Plan
- Change Your Passwords: If your password was compromised, you have to change it not only on the breached service but also everywhere else you’ve used that password2. The quickest way to do this is by using a password manager, which allows you to store unique, complex passwords for each account.
- Switch From Text-Based MFA to an Authentication App: If your name and phone number were part of a data breach, attackers can use it to try to log into your account2. When you turn on multifactor authentication (MFA), which is available for financial sites, social media sites, and many others, you’ll need a second factor in addition to your password to log in. TicketMaster.com uses text based MFA at this time and will confirm your identity with a text message code when you change your password.
- Monitor Your Financial Accounts and Credit Reports: Keep a close eye on your financial accounts for any unauthorized transactions. Also, monitor your credit reports regularly to spot any suspicious activities.
- Stay Alert: Be vigilant against phishing attempts. Be wary of any emails or messages that ask for your personal information or refer you to a web page asking for personal information.
If You’ve Reused Your Password
Here’s what you should do:
- Change Your Passwords Immediately: Start by changing the passwords of your most sensitive accounts, like your email and financial accounts5. Make sure to create a unique, strong password for each account.
*nbsp; - Use a Password Manager: A password manager can generate and store unique passwords for you, making it easier to have a different password for each account.
*nbsp; - Enable Two-Factor Authentication: Two-factor authentication adds an extra layer of security by requiring a second form of identification beyond just your password.
*nbsp;
Remember, the key to mitigating the risks of a data breach is to act quickly and stay vigilant!
Learn more
- Time Magazine Website Article about the TicketMaster Data Breach
*nbsp; - Consumer Reports – What do do after a Data Breach
*nbsp;
What products do you have with a password Manager available?