Ticketmaster hack: Customers told to log in to security service

Emails were sent to Ticketmaster customers in North America warning them to take action after the company was hacked in May.

Emails were sent to Canadian customers overnight urging them to “be vigilant and take steps to protect against identity theft and fraud.”

The company did not comment on the reporting process – however, similar emails were reportedly sent to victims in the US and Mexico.

In this hack, the personal information of 560 million Ticketmaster customers around the world was stolen – cybercriminals then tried to sell that information online.

Ticketmaster did not respond to the BBC’s inquiry as to why it took so long to warn customers of the risks they face.

But in one email seen by the BBC, Ticketmaster says it was unable to notify them sooner because of an ongoing police investigation.

Previous reports of the breach came from the hackers themselves, followed by Ticketmaster’s announcement to its shareholders.

Ticketmaster confirmed that the hackers stole names and basic contact information, without saying what types of information were obtained.

The hackers also stole encrypted credit card details, but the company did not respond to a BBC request for more information about how secure the encryption is.

According to an email seen by the BBC, the firm is urging customers to monitor their online accounts, including bank statements, for any suspicious activity.

The company recommends that Canadian customers sign up for the identity tracking services that Ticketmaster pays for.

“Identity Monitoring will search for your personal information on the dark web and provide you with an alert for 1 year from the date of registration if your personal information is found online,” the company said.

Ticketmaster advises people to be wary of any suspicious-looking emails that appear to be from the company.

When a data breach occurs, it can sometimes lead to secondary hacking attempts or fraud by other criminals who use your data to trick you into sending them money or downloading malicious software.

However, this is rare and there is little evidence that it happens on a large scale.

The group responsible for the Ticketmaster hack is called ShinyHunters – it posted an ad on a hacking forum on May 28 offering the data of 560 million customers.

The gang is demanding $500,000 (£390,000) for the data and it is unclear if they have sold the tranche.

After days of investigation, it was revealed that the hackers had taken data from Ticketmaster by stealing credentials from Snowflake, the company it uses for its cloud storage account.

It then emerged that another 160 Snowflake clients had been targeted in the same way – with massive amounts of private and corporate data stolen.

Banking group Santander is one of those affected – 30 million of its customers in Chile, Spain and Uruguay have been hacked.

Cyber ​​security firm Mandiant – which investigated the attacks – says Snowflake itself was not compromised.

Mandiant says ShinyHunters, or the hackers who carried out the broader attacks, obtained credentials directly from each client company.

Ticketmaster owner Live Nation previously only confirmed the hack through a shareholder notice filed with the U.S. Securities and Exchange Commission.

It admitted to “unauthorized activity” on its database, but said the hack would not have any significant impact on its business.

Ticketmaster did not respond to multiple requests for comment from reporters before and after the filing.