Hacker group Shiny Hunters claims that the Ticketmaster breach is much larger than previously expected, with 193 million barcodes stolen, including 440,000 Taylor Swift tickets. Valued at $22 billion, they now demand $8 million from LiveNation!

The infamous hacker group in May 2024 ShinyHunters Violated Ticketmaster – LiveNationAs we know. However, the hackers have now released new details about the extent of their breach. These details have been published on the notorious cybercrime and hacker platform. Infringement forums Title “Ticketmaster event barcodes ‘Taylor Swift’ pt 1/65000.”

Shiny Hunters Skillet Ticket Master Breach;  440,000 Taylor Swift Eras Tour Tickets Leak
Shiny Hunters on the Breach Forums (Screenshot: hackread.com)

The breach was unveiled.

Shiny Hunters marked the Fourth of July with a disturbing announcement: They claimed to have stolen 440,000 tickets to Taylor Swift’s Eras tour. In a symbolic twist, he suggests that instead of Swift performing on her tour, she will “perform in front of Congress,” indicating the severity and public exposure of the violation.

Surprising numbers

The hackers provide an extensive breakdown of their hack:

  • Total exfiltrated barcodes: 193 million
  • Total Value of Stolen Tickets (TKT_FACE_VAL_AMT): $22,695,713,141.00 USD

A change in negotiations

According to ShinyHunters, the hackers initially accepted a $1 million offer from LiveNation to keep the breach under wraps. However, realizing the true value of the data they hold, they have increased their demand to $8 million. They justify the increase by stating that they have found ways to make the breach more expensive and complicated for the affected company.

Expanded scope

In addition to Taylor Swift tickets, ShinyHunters claims that:

  • 30 Million Tickets for 65,000 Events: Similar to Swift Tickets, valued at $4,665,615,212.00 USD.

Data at risk

The hackers detailed the broad nature of the stolen data, including:

  • 980 million sales orders
  • Details of 680 million orders
  • 1.2 billion party lookup records
  • 440 million unique email addresses
  • 4 million uncased and deductible records
  • 560 million AVS (Address Verification System) detailed records
  • 400 million encrypted credit card details with partial information

They boast that the breach is the largest publicly disclosed non-Scrap breach of customer personally identifiable information (PII) to date.

Shiny Hunters Skillet Ticket Master Breach;  440,000 Taylor Swift Eras Tour Tickets Leak
Screenshot from the leaked file (Screenshot: Hackread.com)


Hackread.com believes in transparency. Therefore, we are publicly disclosing that we used ChatGPT-4o to analyze the leaked data due to its complexity. Here is the breakdown and conclusion:

The leaked data contains detailed information about ticket sales for Taylor Swift's Eras Tour event, specifically for a concert at Lucas Oil Stadium in Indianapolis, Indiana. Here is a breakdown of the key data fields present in the leak:

Event Details:

EVENT_ID_SRC_SYS_CD: Source system code for the event.
EVENT_START: Date and time of the event.
EVENT_KEY: Unique identifier for the event.
EVENT_HEX: Hexadecimal representation of the event ID.
EVENT_ID: Numeric ID of the event.
EVENT_NAME: Name of the event (Taylor Swift | The Eras Tour).
EVENT_TIMEZONE: Timezone of the event.
EVENT_MULTIPLEDAYS: Indicator if the event spans multiple days.
EVENT_VENUE_COUNTRY: Country where the event is located.
EVENT_VENUE_STATE: State where the event is located.
EVENT_VENUE_CITY: City where the event is located.
EVENT_VENUE_POSTCODE: Postcode of the event venue.
EVENT_VENUE_ADDR1: Address line 1 of the venue.
EVENT_VENUE_ADDR2: Address line 2 of the venue (if applicable).
EVENT_VENUE_LONG: Longitude of the event venue.
EVENT_VENUE_LAT: Latitude of the event venue.
Ticket Details:

SALES_ORD_ID: Sales order ID.
SALES_ORD_TRAN_ID: Transaction ID related to the sales order.
BASE_TKT_TYPE_CD: Base ticket type code.
EXTENDED_TKT_TYPE_CD: Extended ticket type code.
TKT_BARCODE_VAL: Barcode value for the ticket.
SECT_NAME: Section name where the seat is located.
ROW_NUM: Row number of the seat.
SEAT_NUM: Seat number.
XNUM_CD: Additional numerical code related to the seat.
VEN_ID: Venue ID.
HOST_SYS_CD: Host system code.
HOST_VAX_ACCT_NUM: Host VAX account number.
HOST_ACCT_CREATE_DT: Date when the host account was created.
TKT_FACE_VAL_AMT: Face value amount of the ticket.
TRAN_VOID_FLG: Indicator if the transaction was voided.
TRAN_VOID_DT: Date when the transaction was voided (if applicable).
CPN_CAT_ID: Coupon category ID.
CPN_PWD_PRIM_VAL: Primary value of the coupon password.
QUALIFIER_NAME1/2/3: Qualifier names.
QUALIFIER_COMBO_ID: Qualifier combo ID.

Potential Uses of the Data

The barcode values (TKT_BARCODE_VAL) and seat details (section, row, seat numbers) can be used to create counterfeit tickets or resell tickets fraudulently.
Identity Theft and Financial Fraud:

The data includes host account creation dates and VAX account numbers, which could be leveraged to identify and exploit user accounts.
Phishing and Social Engineering Attacks:

With detailed personal information, attackers can craft convincing phishing emails or social engineering attacks targeting ticket buyers.
Market Analysis and Competitor Intelligence:

Competitors can analyze the pricing (TKT_FACE_VAL_AMT), seating arrangements, and sales data to understand Ticketmaster's market strategies.
Reputation Damage:

Public disclosure of this data can significantly harm Ticketmaster's reputation, causing loss of customer trust and future business.

The exposure of personally identifiable information (PII) might result in substantial fines from regulatory bodies and legal actions from affected customers.


The leaked data is highly sensitive and can be exploited in numerous malicious ways, from direct financial fraud to broader market implications and significant reputational damage for Ticketmaster. Immediate steps to mitigate these risks and protect affected customers are crucial.

Implications for Ticketmaster and Customers

This breach can have serious implications for Ticketmaster and its customers:

  1. Financial lossThe stolen tickets alone are worth billions of dollars. Additionally, the potential costs of managing a breach, compensating affected customers, and potential fines can be astronomical.
  2. Damage to reputation: Such a high-profile breach could seriously damage Ticketmaster’s reputation, which could damage customer confidence and future business.
  3. Customer influence: Stolen data includes highly sensitive information, such as encrypted credit card details and personal email addresses, putting millions of consumers at risk of identity theft and financial fraud.
  4. Increased security measures: This breach emphasizes the need to enhance security measures within the company to prevent future incidents.

Ticketmaster Breach by ShinyHunters Shows Cybersecurity Vulnerability to Cybercriminals Although Ticketmaster had previously admitted to the breach.As the situation evolves, it will be important for Ticketmaster to transparently address the breach, improve its security protocols, and work to restore customer trust. Meanwhile, users should be vigilant and monitor their accounts for any suspicious activity.

For more updates on this developing story, stay tuned!

  1. BreachForums returns under ShinyHunters Hackers.
  2. Alleged member of Shiny Hunters hacker group arrested
  3. TEG ticket vendor breach: 30 million user records for sale
  4. Shiny Hunters leaked 33 million Twilio phone numbers.
  5. ShinyHunters Hacks Santander Bank: 30M User Data for Sale
  6. Shiny Hunters leaked the database of Indian wedding site WedMeGood.
  7. AT&T breach of ShinyHunters selling AT&T database with 70M SSNs

Source link