In an ongoing extortion campaign against Ticketmaster, threat actors have leaked nearly 39,000 print-at-home tickets for 150 upcoming concerts and events, including Pearl Jam, Phish, Tate McCreary, and the Foo Fighters.
The tickets were leaked by a threat actor known as ‘Sp1derHunters’, who have been selling data stolen from Snowflake accounts in recent data theft attacks.
In April, threat actors began downloading the Snowflake databases of at least 165 organizations using credentials stolen by the information-stealing malware.
In May, a well-known threat actor named Shiny Hunters reportedly began selling. Data from 560 million Ticketmaster customers, claiming it was stolen from Snowflake. Ticketmaster later confirmed that his data had been stolen from his Snowflake account.
At the time, the threat actors demanded that Ticketmaster pay them $500,000 so that the data would not be leaked or sold to other threat actors.
However, the same threatening actor a week ago 166,000 Taylor Swift ticket barcodes leakedMore than $2 million in damages.
Ticketmaster responded by saying that the data was useless because their anti-fraud measures constantly revolved around unique mobile barcodes.
Ticketmaster’s SafeTix technology protects tickets by automatically updating a new and unique barcode every few seconds so it can’t be stolen or copied, Ticketmaster told Bleeping Computer.
Hackers respond.
Today, Sp1d3rHunters responded to Ticketmaster’s statement saying that a number of print-at-home tickets with barcodes that cannot be rotated have been stolen.
“Ticketmaster lies to the public and says that barcodes cannot be used. The ticket database includes both online and physical ticket types,” the threat actor posted on the hacking forum.
“Physical ticket types are Ticket Fast, e-Ticket and Mail. These are printed and cannot be automatically refreshed.”
The post included a link to a CSV file containing barcode data for 38,745 TicketFast tickets, Ticketmaster’s print-at-home ticketing solution.
A review of BleepingComputer’s data shows ticket data for 154 events and concerts, including Aerosmith, Alanis Morissette, Billy Joel & Sting, Bruce Springsteen, Carrie Underwood, Cirque du Soleil, Dave Matthews Band, Foo Fighters, Metallica, Pearl Jam. are , Phish, P!NK, Red Hot Chili Peppers, Stevie Nicks, SING, Tate McRae, and $uicideboy$.
When purchasing tickets through Ticketmaster, you may accept delivery through TicketFast at certain venues and events. Using this delivery method, your tickets will be emailed as a PDF, which you can print out and bring with you to the event.
Because these are not mobile tickets, threat actors claim that Ticketmaster cannot rotate the barcodes using its disclosed anti-fraud mechanisms. Instead, they should cancel and reissue tickets to service users.
Threat actors also include a guide on how to convert leaked ticket data into a scannable barcode that can be used to generate tickets. Ticket Fast Print-at-Home Templates which are used by corporate customers.
Bleeping Computer contacted Ticketmaster to confirm how they will handle these tickets but has yet to receive a response.
Threat actors have previously attempted to rob a number of other companies whose Snowflake data was stolen, including Neiman Marcus, Los Angeles Unified School District, Advance Auto Parts, Net storageAnd Devil.