The latest Ticketmaster leak impacts top celebrities and events including Taylor Swift, Jennifer Lopez, and Justin Timberlake concerts. Hackers claim barcodes can’t be refreshed, undermining security.
Ticketmaster hackers have released 10 million tickets, including barcodes for high-profile events featuring top celebrities like Taylor Swift, Jennifer Lopez, and Justin Timberlake. This latest attack directly challenges Ticketmaster’s “SafeTix” technology, which is designed to prevent ticket theft by continuously refreshing barcodes.
The hackers posted the data on Breach Forums early this morning, claiming that the barcodes cannot be refreshed, undermining Ticketmaster’s security measures specifically designed for mobile tickets.
According to threat actors behind the latest leak, the data includes mail and e-ticket event barcodes for hundreds of events, inviting users to print their own tickets from home without fear of the barcodes changing.
Top Events Affected:
As seen by the Hackread.com Research Team, the leaked data impacts the following celebrities and events:
- Taylor Swift: 175,000 tickets
- Jennifer Lopez: 143,000 tickets
- Justin Timberlake: 205,000 tickets
- Morgan Wallen: 350,000 tickets
- Foo Fighters: 320,000 tickets
- Kacey Musgraves: 205,000 tickets
- P!NK: 170,000 tickets
- Rolling Stones: 100,000 tickets
- Pearl Jam: 100,000 tickets
- Hozier: 400,000 tickets
Data Analysis
The ticket industry is a complicated one. Although Hackread.com has over a decade of experience in data breach analysis, things can be tricky sometimes. Therefore, we used ChatGPT-4o to analyze a small sample from the leak. Here’s what it found:
"The dataset appears to be a detailed extract of Ticketmaster ticket sales for an upcoming event featuring Jennifer Lopez. The data includes various details about the tickets, such as sales order ID, delivery type, event details, ticket barcode values, seat information, pricing, and venue information. Here’s a breakdown of the key columns and their meanings:
SALES_ORD_ID: Unique identifier for the sales order.
DELIVERY_TYPE_CD: Type of ticket delivery, e.g., "eTicket" or "Mail".
EVENT_ID: Unique identifier for the event.
EVENT_NAME: Name of the event (e.g., Jennifer Lopez: This Is Me...Live).
EVENT_LOCALDATE: Local date of the event.
EVENT_LOCALTIME: Local time of the event.
TKT_BARCODE_VAL: Barcode value for the ticket.
SECT_NAME: Name of the section where the seat is located.
ROW_NUM: Row number for the seat.
SEAT_NUM: Seat number.
SRC_EVENT_ID: Source event ID (not provided in this data).
TKT_FACE_VAL_AMT: Face value amount of the ticket.
EVENT_VENUE_NAME: Name of the venue (e.g., Scotiabank Arena).
EVENT_VENUE_CITY: City where the event is taking place (e.g., Toronto).
EVENT_VENUE_STATE: State or province where the event is taking place (e.g., Ontario).
EVENT_VENUE_COUNTRY: Country where the event is taking place (e.g., CA for Canada).
SERVICE_CHARGE_AMT: Service charge amount for the ticket.
HOST_SYS_CD: Host system code.
HOST_VAX_ACCT_NUM: Host VAX account number.
EXTENDED_TKT_TYPE_CD: Extended ticket type code.
BASE_TKT_TYPE_CD: Base ticket type code.
XNUM_CD: Extended number code.
VEN_ID: Venue ID.
QUALIFIER_NAME1: Qualifier name 1.
QUALIFIER_NAME2: Qualifier name 2.
QUALIFIER_NAME3: Qualifier name 3.
QUALIFIER_COMBO_ID: Qualifier combo ID.
CPN_CAT_ID: Coupon category ID.
CPN_PWD_PRIM_VAL: Coupon password primary value.
MEMBERDB_SALES_ORD_ID: Member database sales order ID.
ORD_CREATE_OPR_CD: Order create operator code.
SALES_PLATFORM_CD: Sales platform code.
EVENT_KEY: Event key.
EVENT_HEX: Event hexadecimal code.
EVENT_TIMEZONE: Timezone of the event.
EVENT_URL: URL of the event page on Ticketmaster.
EVENT_VENUE_KEY: Venue key.
EVENT_VENUE_POSTCODE: Venue postcode.
EVENT_VENUE_ADDR1: Venue address line 1.
EVENT_VENUE_ADDR2: Venue address line 2.
EVENT_VENUE_LONG: Longitude of the venue.
EVENT_VENUE_LAT: Latitude of the venue.
Key Points:
Event Information: All entries are for the event "Jennifer Lopez: This Is Me...Live" on August 2, 2024, at 8:00 PM, held at Scotiabank Arena in Toronto, Ontario, Canada.
Ticket Delivery Type: Tickets are either "eTicket" or "Mail".
Ticket Details: Includes section, row, and seat number, along with the barcode value.
Pricing: Face value and service charge amounts are included.
Venue Details: Information about the venue's name, city, state, country, postal code, and geographical coordinates.
Sales Platform: Tickets were sold through different platforms such as mobile, desktop, and webview.
MOST CRUCIAL:
The dataset includes critical details that could be used to create counterfeit tickets if it falls into the wrong hands. Here’s why:
Ticket Barcode Values: Each entry contains a unique TKT_BARCODE_VAL which is the barcode value for the ticket. This barcode is what gets scanned at the event venue to verify the ticket’s authenticity and entry validity.
Event Details: The dataset includes the exact date, time, and location of the event. This information is essential for generating a legitimate-looking ticket.
Seating Information: Detailed seating information (section, row, and seat number) is provided, which would allow for the creation of tickets that look real and are specific to certain seats.
Face Value and Service Charges: Knowing the exact face value and service charges helps to make the counterfeit ticket pricing appear genuine.
Venue Information: The venue’s name, address, and even geographical coordinates are available, which are typically included on a printed ticket.
URLs: The dataset includes URLs that could potentially be used to fetch additional event-specific information or resources to further validate the counterfeit ticket.
If someone has access to this dataset, they can potentially print their own tickets using the barcodes provided. The challenge for Ticketmaster would be to differentiate between legitimate and counterfeit tickets, especially if the barcodes are static and not refreshed regularly."
Previous Leaks:
The latest leak is part of the hacking spree the threat actors unleashed against Ticketmaster back in May 2024 when the ShinyHunters hacking group claimed responsibility for stealing data from 560 million Ticketmaster users.
On July 8, 2024, hackers leaked 30,000 ticket barcodes for major events, including a DIY guide on how to create physical tickets from the leaked data. Earlier leaks on July 4 and 5, 2024 involved 44,000 and 170,000 ticket barcodes related to Taylor Swift’s The Eras Tour, respectively. In total, the hackers announced stealing a treasure trove of data including the following:
- 980 million sales orders
- 680 million order details
- 1.2 billion party lookup records
- 440 million unique email addresses
- 4 million uncased and deduped records
- 560 million AVS (Address Verification System) detail records
- 400 million encrypted credit card details with partial information.
It is worth mentioning that ShinyHunters and Sp1d3rHunters are two different individuals but are affiliated with the group behind the Ticketmaster data breach.
Nevertheless, Ticketmaster faces increasing pressure to reinforce its security protocols and regain public trust. The company has yet to comment on the latest leak and its implications for the “SafeTix” technology. Stay tuned for further updates on this developing story.