Ticketmaster breach prompts security leaders to react

Ticketmaster breach prompts security leaders to react

The ShinyHunters threat operation has claimed responsibility for the alleged hacking of Ticketmaster, stating that they have stolen the personal information of 560 million users. The breached information includes full names, emails, phone numbers, addresses, event details, ticket sale information, and order specifics. According to the ShinyHunters group, they also possess credit card details, but only the last four digits and expiration dates. They are offering the database for sale at $500,000.

Security leaders share their thoughts

Toby Lewis, Global Head of Threat Analysis at Darktrace:

“The alleged attack on Ticketmaster serves as a reminder that every organization is vulnerable to cyber threats. However, it is important to approach this incident with caution until more details are confirmed, especially considering the timing of the data being offered on the relaunched BreachForums site, which raises doubts about its authenticity.

“If the breach is confirmed, Ticketmaster must be transparent about the extent of the data accessed. Customers can protect themselves by changing their passwords and monitoring their accounts. However, this may be ineffective if the attackers still have access or if there was no breach to begin with.

“It is recommended to await confirmation and follow instructions from Ticketmaster’s incident response teams. While changing passwords proactively is advisable, customers should be prepared to do so again if necessary.

“Cybersecurity should be a top priority for businesses. AI tools can help automate prevention and response procedures, allowing for proactive defense. Until more information is available, customers should remain vigilant but refrain from making assumptions about the scale or impact of this alleged breach.”

Narayana Pappu, CEO at Zendata:

“Potentially affected Ticketmaster customers should monitor their email for any new account setups and their credit/debit cards for transactions. I also recommend setting a pin with their cell phone providers to safeguard against SIM swaps.

“Ticketmaster holds a significant market share in ticket sales, and events like this can have long-lasting repercussions. Previous breaches have led companies to lose market share to competitors. The examples of the Ashley Madison and Equifax breaches come to mind.”

John Bambenek, President at Bambenek Consulting:

“Fortunately, some of the more sensitive data, such as full card numbers, has not been compromised, indicating that the data could be used for targeted phishing schemes. This explains why the price of the database is relatively low compared to the number of records. Consumers may encounter this in the coming months.

“Ticketmaster has a near-monopoly in its industry. Since the risks customers face may manifest in the future through phishing attempts, the current impact may be minimal. Consumer indifference to data breaches contributes to industry complacency.”

Debrup Ghosh, Sr. Staff Product Manager at Synopsys Software Integrity Group:

“Companies operating digital marketplaces must prioritize safeguarding crucial customer data, particularly personally identifiable information (PII). In the digital age, data is a valuable commodity, so companies must protect not only their IP but also customer data for studying consumer preferences and enhancing product offerings. Companies should invest in both detection and prevention technologies to mitigate cyberattack risks. Incidents like this erode consumer trust and can result in financial losses and legal penalties that impact the business.”

Roy Akerman, CEO & Co-Founder at Rezonate:

“We must acknowledge that user identities are highly valuable and should be secured accordingly. As per the 2024 Verizon Data Breach Report, 68% of breaches are due to human error and one-third are caused by misconfigurations and other issues. Therefore, it is essential to invest in security solutions that establish a baseline for user behavior within the organization’s network. This approach helps detect anomalies, address them promptly, and respond to potential threats before they escalate into breaches. In the current landscape, the question is not if a breach will happen, but when. Therefore, prioritizing investment in modern security solutions and promoting a security-aware culture across the entire organization is crucial.”

Jim Routh, Chief Trust Officer at Saviynt:

“Ticket brokers generate large volumes of valuable transaction data and personal information easily exploitable by cybercriminals, necessitating robust cybersecurity measures, especially when dealing with third-party cloud providers. Enterprises have the opportunity to enhance identity management practices for third parties, including ticket brokers.”

Philip Odence, Synopsys Software Integrity Group:

“Recent data breaches targeting Ticketmaster, Snowflake, and others demonstrate that companies making headlines are attractive targets for bad actors. Our Black Duck Audit private equity clients often report a significant increase in attacks on newly acquired portfolio companies following announcements. There is no logical explanation for this trend, but it serves as a reminder that organizations preparing for major events need to ensure that their cybersecurity practices are operating at full capacity.”

Post Your Comment

Subscribe Our Newsletter

We hate spam, we obviously will not spam you!

Services
  • Security Analysis
  • Penetration Testing
  • Thread Detection
  • 360 Protection
Use Cases
  • Website Security
  • AppSec
  • Case Studies
  • Integrations
Opportunities
  • Partnerships
  • Software Suite
  • Careers
Resources
Support
  • Support
  • Contact Us
  • About Us
  • Partnerships
Get in Touch
Copyright © TSP 2024. All rights reserved. Designed by Enovate LLC

Copyright © TSP 2024. All rights reserved. Designed by Enovate LLC