Javascript is not enabled.

Javascript must be enabled to use this site. Please enable Javascript in your browser and try again.

Skip to content
Content starts here
CLOSE ×
Search
Leaving AARP.org Website

You are now leaving AARP.org and going to a website that is not operated by AARP. A different privacy policy and terms of service will apply.

Ticketmaster Data Hack Hits Half a Billion Customers: What to Do

Hacker group puts sale of sensitive personal information on dark web


spinner image digital binary code on dark red background
AARP (source: Getty Images (2), NurPhoto via AP Newsroom (1))

Your name, address, credit card, email and other personally identifiable information may have been exposed if you bought tickets online to a concert, Broadway show or sporting event through Ticketmaster.

On May 31, Ticketmaster’s parent company, Live Nation Entertainment, revealed in an 8-K filing with the federal Securities and Exchange Commission that about a week and a half earlier, it had discovered unauthorized activity regarding Ticketmaster data. A public company files an 8-K when an unexpected major event occurs of interest to shareholders and investors.

spinner image Image Alt Attribute

AARP Membership— $12 for your first year when you sign up for Automatic Renewal

Get instant access to members-only products and hundreds of discounts, a free second membership, and a subscription to AARP the Magazine. Find out how much you could save in a year with a membership. Learn more.

Join Now

Live Nation’s investigation found that the data was for sale on the dark web, the secretive corridors of the internet where criminals barter illegally obtained consumer information.

Hacker group claims to be responsible

The regulatory filing appears to confirm claims from a hacker group known as ShinyHunters that it was responsible for the theft, which reportedly amounted to 1.3 terabytes of personally identifiable information on 560 million Ticketmaster customers. The stolen data was said to carry a one-time price of $500,000.

ShinyHunters may also be behind a recent data breach at Santander Bank, based in Spain but with branches in Florida and eight mid-Atlantic and New England states. Data from some 30 million bank customers was exposed as part of that hack.

Other reports suggest that the cyberattacks may have been launched against a cloud-hosting provider named Snowflake that large companies use to store mountains of data. In the SEC filing, Live Nation-Ticketmaster didn’t mention Snowflake.

Nor did Snowflake mention Live Nation-Ticketmaster in a blog post that read in part, “We have not identified evidence suggesting this activity was caused by a vulnerability, misconfiguration or breach of Snowflake’s platform.” But it also acknowledged, “We did find evidence that a threat actor obtained personal credentials to and accessed demo accounts belonging to a former Snowflake employee. It did not contain sensitive data.”

Assume the worst about your data

“I think it is fair to assume that your info has been exposed from at least one of these mega-breaches we’ve had in recent years,” says Odysseas Papadimitriou, chief executive of the WalletHub mobile app and personal finance site. “The Ticketmaster breach is not only the latest, it’s a huge one.”

Live Nation-Ticketmaster did not respond to an AARP request for comment but said in the SEC filing that it is notifying customers who may have been affected and is “working to mitigate risk to our users.”

How to fight back against potential ID theft

The security rupture is a reminder that you can take steps to mitigate the risk to your personal data:

1. Practice safe password hygiene. Too many people fail to heed this basic yet important advice. Passwords should be simple enough for you to remember but not easy for anyone else to guess. Resist using a password with, say, your wedding anniversary date or the name of your dog or cat.

Instead, employ a string of upper- and lowercase letters, numbers and special characters — the lengthier the better. Consider using password manager software that can automatically generate robust passwords. And never use the same or similar passwords across multiple accounts.

Technology & Wireless

Consumer Cellular

5% off monthly fees and 30% off accessories

See more Technology & Wireless offers >

2. Employ two-factor authentication. Also known as multifactor authentication, this step adds a secondary form of validation, typically through a one-time code provided by a text or phone call or through an app. Do not reveal the code to a stranger.

3. Check credit card statements. Watch out for suspicious or unauthorized charges.

4. Keep an eye on your Ticketmaster account. If you have tickets to an upcoming event purchased through Ticketmaster, WalletHub suggests looking out for emails or notifications of unauthorized transfers of those tickets to someone else.

5. Monitor and freeze your credit report. Scrutinize your credit report at least once a year and contact the credit reporting agency — Equifax, Experian or TransUnion — if something seems out of whack.

If you’re not actively seeking credit, consider freezing the report, which makes it harder for would-be identify thieves to open accounts in your name. The reporting agencies can supply instructions.

These haven’t exactly been the best of times for Live Nation-Ticketmaster. Apart from the data breach, the federal Justice Department and 30 state attorneys general sued the company May 23 over alleged monopolistic abuse and what the government labeled the “Ticketmaster tax: the seemingly endless set of fees ironically named ‘service fee’ or ‘convenience fee’ when they are anything but.”

Discover AARP Members Only Access

Join AARP to Continue

Already a Member?