Entertainment giant Live Nation has confirmed that its ticketing subsidiary Ticketmaster has been hacked.
Live Nation confirmed the data breach in a filing with government regulators late Friday after markets closed.
In his statement, Live Nation said the breach occurred on May 20 and that a cybercriminal “offered what purported to be the Company’s user data for sale via the dark web.” The company did not say who owns the personal information, although it is believed to be related to customers. It’s unclear why it took the company more than a week to publicly disclose the breach.
Live Nation said in its statement that it “detected unauthorized activity in a third-party cloud database environment containing company data.”
The company did not name the third-party cloud database in its statement.
A Ticketmaster representative, who did not give his name but responded from the company’s media email address, told TechCrunch that the stolen database was hosted on Snowflake, a Boston-based cloud storage and analytics company.
The Ticketmaster spokesman did not say how the data was extracted from Snowflake’s systems.
Snowflake she said in a post on Friday that it had notified a “limited number of customers that we believe may have been affected” by attacks that “targeted some of our customer accounts.” Snowflake did not describe the nature of the attacks or whether data was stolen from customer accounts.
Snowflake spokeswoman Danica Stanczak declined to comment on the record about the Ticketmaster breach.
Amazon Web Services also hosts much of Live Nation and Ticketmaster’s infrastructure, according to a customer case study that has since been removed on Amazon’s website.
Earlier this week, the administrator of a popular since-revived cybercrime forum called BreachForums alleged that it was selling the personal information of 560 million customers, including the alleged personal information of Ticketmaster customers, along with ticket sales and information of the customer card.
Until now, Live Nation had not commented on the data breach. Earlier this week, Australian authorities confirmed they were assisting Live Nation with a cyber security incident, and US cyber security agency CISA deferred comment to Live Nation.
TechCrunch on Friday obtained a portion of the allegedly stolen data containing thousands of files, including email addresses. This included several internal Ticketmaster email addresses used for testing, which are not public but appear as real Ticketmaster accounts. TechCrunch verified Friday that the files we reviewed belong to Ticketmaster customers.
TechCrunch verified the validity of these accounts by running the internal email addresses through Ticketmaster’s signup form. All accounts came back as real. (Ticketmaster throws an error if someone enters an email address that is already a real Ticketmaster account.)
Earlier in May, the Justice Department and 30 attorneys general sued Live Nation to break up the ticketing group, accusing Live Nation of monopolistic practices.
Updated with the response from Ticketmaster and the drop of Snowflake.
Know more about the Live Nation TicketMaster hack? Getting in touch. To contact this reporter, please contact Signal and WhatsApp at +1 646-755-8849 or via email. You can also send files and documents via SecureDrop.
