> In 2020 it admitted it hacked into one of its competitors and agreed to pay a $10m fine.<p>Lol, if an individual does this, you're going to go to jail. A company does this? Tiny fine. What a world we live in.
I feel sad saying this: I don't think it's right, but I worry less and less about these as time goes on; not because I don't think it sucks, but because my information has been in so many breaches up to this point that I'm not sure what value there is left in any data that might appear in subsequent breaches.
vx-underground on Twitter,<p>> Based on data provided to us by the Threat Group responsible for the compromise, we can assert with a high degree of confidence the data is legitimate. Date ranges in the database appear to go as far back as 2011. However, some dates show information from the mid-2000's.<p>> NOTE: The data provided to us, even as a 'sample', was absurdly large and made it difficult to review in depth. We are unable to verify the authenticity of financial information. Briefly skimming the PII present in the dump, it appears authentic.<p><a href="https://x.com/vxunderground/status/1796063116574314642" rel="nofollow">https://x.com/vxunderground/status/1796063116574314642</a><p>---<p>No official confirmation yet.
Interesting this is marketed for $500k as a "One Time Sale" (1)<p>I find the "honor amongst thieves" part so interesting in these breach stories<p>(1) Troy Hunt, via an "X" user has a screenshot to the actual sale -> <a href="https://x.com/troyhunt/status/1795551650553491870" rel="nofollow">https://x.com/troyhunt/status/1795551650553491870</a>
PS. I just wanted to note, this is by the same outfit also responsible for the Santander break. (Both, apparently, due to a successful breach of an upstream storage provider).
On one hand, yes, there's a certain amount of schadenfreude here, because I have on multiple occasions been more or less annoyed by Ticketmaster. On the other hand, because I've used them quite a lot (because for many events, what other choice is there?), I can't say I'm terribly happy that my personal information has been so thoroughly exposed via this hack. And I'm more than a bit frustrated that Ticketmaster/Live Nation have been so careless and sloppy with their security - and employee training and vetting - to allow this to happen.
Boy I sure am glad that Ticketmaster <i>refused</i> to let me change my email address some months back when I was trying to clean up my profile and change the registered address from my_handle@gmail.com to my_handle+ticketmaster@gmail.com.
I continuously wonder how we keep building multi-billion dollar applications where both basic consumer protections aren’t in place and there’s almost no liability for the companies running them.<p>A kid working at McDonalds requires a safe food handling certificate, and the store will be shut down if an inspector sees their fridge is too warm.<p>Hopefully with E2E encryption, passkeys, and the like, the end of days is near for these massive data leaks, but without real consequences, these companies will never realize holding millions of people’s personal information is both a liability as well as an asset.
Looks to be officially confirmed. I just received the following email from Ticketek Australia:<p>> Dear Ticketek Customer,<p>> We are writing to let you know that Ticketek has become aware of a cyber incident impacting Ticketek Australia account holder information, which is stored in a cloud-based platform, hosted by a reputable, global third party supplier.<p>> We would like to reassure you that Ticketek has secure encryption methods in place for all passwords and your Ticketek account has not been compromised. In addition, we utilise secure encryption methods to handle credit card information and transactions are processed via a separate payment system which has not been impacted. Ticketek does not hold identity documents for its customers.<p>> Since our third party supplier brought this to our attention, over the past few days we have worked diligently to put every resource into completing an investigation, so that we can communicate with you as quickly as possible. We wanted to notify you early to enable you to take steps to protect your information as a precautionary measure.<p>> We have also notified the Australian Cyber Security Centre (ACSC) and we are liaising with the Office of the Australian Information Commissioner (OAIC) and the National Office of Cyber Security in relation to the incident.<p>Full email: <a href="https://imgur.com/a/HOwR98C" rel="nofollow">https://imgur.com/a/HOwR98C</a>
I assume Ticketmaster are fighting fires at the moment, or it could be coincidence, as I logged in to change my [unique to Ticketmaster] password and the 2FA confirmation appears to be broken, as it gave the same code 3 times and wouldn't accept it, plus the emails to reset the password aren't going out (or are going out slowly).<p>Hope you hashed, salted, peppered those passwords, Ticketmaster. And I hope you were following PCI level 1 correctly, otherwise if this is true then you're a bit fucked really, aren't you.
> To its critics, it seems Ticketmaster may be experiencing some karma lately for years of being the bane of concertgoers' existence.<p>Ah yes, karma, that legendary force which revenges itself upon evil businesses like Ticketmaster by <i>checks notes</i> exposing the personal and financial information of their unwilling customers.
This is not verified. Mashable pulled a dirty headline by writing on this based on speculation.<p>The initial account that shared the sale had no reputation on the forums. But it was then reposted by one of the admins, and that is the only piece of credibility this story has.
Hopefully we get details on _how_ the Snowflake employee was hacked.<p>It makes us wonder how things could be tightened up and what can be applied to our own organisations.<p>If the hackers got passwords then how come there wasn’t 2FA?<p>Or did they get a Trojan onto an employee computer and surf from it onto the corporate VPN?<p>Or did they corrupt an employee?<p>Or did the evil maid or something?<p>And how long did they have access?<p>Or another approach?
Seems like a big deal, but pretty much the only data Ticketmaster would have is a stored credit card, address, name, and purchase history. Right? Perhaps passwords are valuable because many folks reuse them across sites.<p>I don't see appreciable movement in their stock at all.
US Only: This is your regular data breach reminder to freeze your credit with all 3 credit bureaus, as well as with NCTUE. It's free to do, easy to lift when you need to, and helps prevent credit fraud (also known, incorrectly, as identity theft).
Good thing you can use fake data with Ticketmaster purchases and aren’t forced to display matching government ID for access to venues.<p>Oh, wait.<p>There should be real, criminal penalties for leaking authentic, government-ID PII these days.
I wonder if GDPR fines will get issued. If so hopefully the EU slaps on some processing fees and digital delivery fees and some admin fees and some notification fees on top of the fines.