In an ongoing extortion marketing campaign in opposition to Ticketmaster, risk actors have leaked nearly 39,000 print-at-home tickets for 150 upcoming concert events and occasions, together with Pearl Jam, Phish, Tate McCrae, and Foo Fighters.
The tickets have been leaked by a risk actor referred to as ‘Sp1derHunters,’ who’s promoting information stolen in latest information theft assaults from Snowflake accounts.
In April, risk actors started downloading Snowflake databases of not less than 165 organizations utilizing credentials stolen by information-stealing malware.
In Could, a well known risk actor named ShinyHunters started promoting the alleged information of 560 million Ticketmaster prospects, claiming it was stolen from Snowflake. Ticketmaster later confirmed that its information was stolen from their Snowflake account.
On the time, the risk actors demanded that Ticketmaster pay them $500,000 in order that the information wouldn’t be leaked or bought to different risk actors.
Nevertheless, every week in the past, the identical risk actors leaked 166,000 Taylor Swift ticket barcodes, demanding the next $2 million extortion demand.
Ticketmaster responded by saying that the information is ineffective as their anti-fraud measures continuously rotate to distinctive cell barcodes.
“Ticketmaster’s SafeTix know-how protects tickets by routinely refreshing a brand new and distinctive barcode each few seconds so it can’t be stolen or copied,” Ticketmaster advised BleepingComputer.
Hackers reply
Right this moment, Sp1d3rHunters responded to Ticketmaster’s assertion, saying that quite a few print-at-home tickets have been stolen whose barcodes can’t be rotated.
“Ticketmaster lies to the general public and says barcodes cannot be used. Tickets database consists of each on-line and bodily ticket varieties,” the risk actor posted to a hacking discussion board.
“Bodily ticket varieties are Ticketfast, e-ticket, and mail. These are printed and cannot be routinely refreshed.”
The submit features a hyperlink to a CSV file containing the barcode information for 38,745 TicketFast tickets, Ticketmaster’s print-at-home ticketing answer.
A evaluate of the information by BleepingComputer exhibits ticket information for 154 occasions and concert events, together with these for Aerosmith, Alanis Morissette, Billy Joel & Sting, Bruce Springsteen, Carrie Underwood, Cirque du Soleil, Dave Matthews Band, Foo Fighters, Metallica, Pearl Jam, Phish, P!NK, Pink Scorching Chili Peppers, Stevie Nicks, STING, Tate McRae, and $uicideboy$.
Supply: BleepingComputer
When buying tickets by Ticketmaster, you’ll be able to settle for supply by TicketFast at some venues and occasions. Utilizing this supply methodology, your tickets will likely be despatched as a PDF by way of e mail, which you’ll then print out and produce with you to the occasion.
As these should not cell tickets, the risk actors declare that Ticketmaster can not rotate the barcodes utilizing its disclosed anti-fraud mechanism. As a substitute, they need to void and reissue the tickets to those that used the service.
The risk actors additionally included a information on changing the leaked ticket information right into a scannable barcode that can be utilized to create tickets utilizing TicketFast print-at-home templates that company prospects use.
BleepingComputer contacted Ticketmaster to substantiate how they’d deal with these tickets however has not acquired a response but.
The risk actors have beforehand tried to extort quite a few different firms whose Snowflake information was stolen, together with Neiman Marcus, Los Angeles Unified Faculty District, Advance Auto Components, Pure Storage, and Satander.
