SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image

Millions of customers urged to take action after Ticketmaster data breach

Thu, 30th May 2024

The personal information of more than 500 million customers has been compromised, following a major Ticketmaster data breach.

Ticketmaster, a popular global ticket sales website, was reportedly hacked by ShinyHunters, who offered 560 million customers' stolen data for sale on the dark web earlier this week.

In response to the incident, cybersecurity experts are now urging affected customers to take immediate action to protect themselves.

Ani Chaudhuri, Co-Founder and CEO of Dasera told TechDay that customers must monitor their financial accounts for suspicious activity.

He said users must "change passwords for their Ticketmaster accounts and any other accounts using the same credentials, and enable multi-factor authentication (MFA) where possible."

Chaudhuri highlighted the importance of being vigilant against phishing attempts, as hackers often use leaked information to orchestrate more sophisticated scams.

He said the alleged breach highlights the need for Ticketmaster to improve its security measures.

"Organisations need to stay one step ahead of well-known threat actors like ShinyHunters," he said.

"This requires a combination of advanced threat intelligence and proactive defence strategies. Deploying data security posture management platforms and behavior-based detection systems can help identify and stop attacks in real-time. Regularly updating threat intelligence databases and participating in information-sharing initiatives with other companies and Government agencies can enhance an organisation's ability to anticipate and thwart attacks."

Chaudhuri added securing vast datasets presents numerous challenges. He outlined several key strategies for mitigating the risks, including "comprehensive data visibility and classification."

"Auto-discovery and classification of all data across cloud and on-premises environments are crucial. This helps organisations gain a complete view of their data landscape, enabling them to implement effective security measures," he said.

He stressed the pivotal role of encryption and stringent access controls.

"Encrypting data both in transit and at rest, complemented by granular access controls, ensures that only authorised personnel can access sensitive information," Chaudhuri noted.

"Continuous monitoring and automated detection play vital roles in identifying and responding to real-time threats, while privileges and access analysis help maintain a zero-trust security model.

Australia's Department of Home Affairs has confirmed it is aware of the cyber incident affecting Ticketmaster, though the company has yet to provide specific details about the breach.

Meanwhile, Javvad Malik, Security Awareness Advocate at KnowBe4, described the breach to TechDay as "a significant issue" due to the "vast amount of personal information" collected by TicketMaster.

"It's easy to see how Ticketmaster holds a tremendous amount of customer data. Cyber-criminals know this and use it to their advantage to request what is often a huge ransom from the victims."

"Ransomware gangs now often seek to profit by exfiltrating data and then demanding ransoms to avoid public disclosure or resale," Malik added.

He stressed the importance of robust protections against ransomware attacks, especially for organisations that handle substantial amounts of personal data.

"Employee education and training on spotting phishing attacks, combined with technologies to detect data exfiltration and halt ransomware encryption processes, are critical components of any modern security program," Malik said.

Chaudhuri added the breach sheds light on the ongoing challenges of data security for larger organisations.

He said while current encryption and data protection technologies are essential, "continuous improvement is necessary."

"The Ticketmaster breach underscores the need for adopting data security platforms and zero-trust architecture, where every access request is thoroughly vetted. Regular software and system updates are non-negotiable."

He believes Ticketmaster should be "transparent about the breach, its impact, and the measures being taken to prevent future incidents" to regain credibility.

"Offering support services like credit monitoring can help rebuild trust," Chaudhuri suggested.

He is now calling for a comprehensive review and overhaul of Ticketmaster's cybersecurity infrastructure, and to communicate it clearly to the public. 

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X