In an ongoing extortion campaign against Ticketmaster, threat actors have leaked almost 39,000 print-at-home tickets for 150 upcoming concerts and events, including Pearl Jam, Phish, Tate McRae, and Foo Fighters.
The tickets were leaked by a threat actor known as ‘Sp1d3rHunters,’ who is selling data stolen from Snowflake accounts in recent data theft attacks.
In April, threat actors began downloading Snowflake databases of at least 165 organizations using credentials stolen by information-stealing malware.
In May, a well-known threat actor named ShinyHunters began selling the alleged data of 560 million Ticketmaster customers, claiming it was stolen from Snowflake. Ticketmaster later confirmed that its data was stolen from its Snowflake account.
At the time, the threat actors demanded that Ticketmaster pay them $500,000 so that the data would not be leaked or sold to other threat actors.
However, a week ago, the same threat actors leaked 166,000 Taylor Swift ticket barcodes and raised their extortion demand to $2 million.
Ticketmaster responded by saying that the data is useless because its anti-fraud measures constantly rotate mobile tickets to new, unique barcodes.
“Ticketmaster’s SafeTix technology protects tickets by automatically refreshing a new and unique barcode every few seconds so it cannot be stolen or copied,” Ticketmaster told BleepingComputer.
Hackers respond
Today, Sp1d3rHunters responded to Ticketmaster’s statement, saying that numerous print-at-home tickets were stolen whose barcodes cannot be rotated.
“Ticketmaster lies to the public and says barcodes can not be used. Tickets database includes both online and physical ticket types,” the threat actor posted to a hacking forum.
“Physical ticket types are Ticketfast, e-ticket, and mail. These are printed and can not be automatically refreshed.”
The post includes a link to a CSV file containing the barcode data for 38,745 TicketFast tickets, Ticketmaster’s print-at-home ticketing solution.
A review of the data by BleepingComputer shows ticket data for 154 events and concerts, including those for Aerosmith, Alanis Morissette, Billy Joel & Sting, Bruce Springsteen, Carrie Underwood, Cirque du Soleil, Dave Matthews Band, Foo Fighters, Metallica, Pearl Jam, Phish, P!NK, Red Hot Chili Peppers, Stevie Nicks, STING, Tate McRae, and $uicideboy$.
When purchasing tickets through Ticketmaster, you can accept delivery through TicketFast at some venues and events. Using this delivery method, your tickets will be sent as a PDF via email, which you can then print out and bring with you to the event.
As these are not mobile tickets, the threat actors claim that Ticketmaster cannot rotate the barcodes using its disclosed anti-fraud mechanism. Instead, they must void and reissue the tickets to those who used the service.
The threat actors also included a guide on converting the leaked ticket data into a scannable barcode that can be used to create tickets using TicketFast print-at-home templates that corporate customers use.
BleepingComputer contacted Ticketmaster to confirm how they would handle these tickets but has not received a response yet.
The threat actors have previously attempted to extort numerous other companies whose Snowflake data was stolen, including Neiman Marcus, Los Angeles Unified School District, Advance Auto Parts, Pure Storage, and Santander.