Gig colossus Live Nation confirms a significant data breach at Ticketmaster, compromising the personal information of their clients.
Live Nation and Ticketmaster Data Breach: Over 560 Million Customers Affected
In a significant turn of events, Live Nation Entertainment, the parent company of Ticketmaster, has been hit by a data breach affecting over 560 million customers. The breach was first detected on May 20, 2024, and involves a third-party cloud database provider named Snowflake.
The breach, which occurred between April 2, 2024, and May 18, 2024, saw hackers access sensitive customer data including names, geolocations, phone records, and ticket barcodes. This makes it one of the largest data compromises in recent history.
The hackers, who have been linked to the ShinyHunters hacking group, used the stolen data in ongoing extortion campaigns. They leaked tens of thousands of print-at-home tickets for various concerts and events, including high-profile events like Taylor Swift's Eras Tour. Threats were made to leak more data unless a $2 million ransom was paid.
Ticketmaster and Live Nation have started notifying customers impacted by the breach. It is reported that hackers exploited reused usernames and passwords from other platforms to gain access.
The investigation into the breach is ongoing, with law enforcement actively tracking involved cybercrime groups and trying to mitigate further damage. French police have already arrested five operators of the BreachForum cybercrime forum, a site used to leak and sell stolen data, which facilitated leaking of Ticketmaster-related data.
Live Nation, in its incident disclosure, has stated that the breach is not likely to have a material impact on their overall business operations, financial condition, or results of operations. The company is working to mitigate risk to users and the company, and is cooperating with law enforcement.
However, details about the method of intrusion, the type and amount of data stolen, and the current status of the breach are not disclosed in Live Nation's incident disclosure. The compromised data primarily belongs to Ticketmaster.
The cybercrime spree targeting Snowflake's customers has affected multiple enterprises, with the Live Nation breach being one of the most high-profile cases. Snowflake itself is responding to the targeted threat campaign against some customer accounts.
As of August 2025, the investigation into the breach is ongoing, with customers being notified and law enforcement actively tracking involved cybercrime groups. The Cybersecurity and Infrastructure Security Agency has referred all inquiries back to Ticketmaster. BreachForums, the dark web marketplace where the compromised data was offered for sale, returned online earlier this month after indicating it was taken down by the FBI and international law enforcement agencies.
[1] [Source 1] [2] [Source 2] [3] [Source 3]
- The data breach at Live Nation and Ticketmaster, affecting over 560 million customers, highlights the importance of robust cybersecurity in data-and-cloud-computing.
- The cybercrime spree, involving the ShinyHunters hacking group, has led to the stolen data from the breach being used in general-news-worthy extortion campaigns, including leaks of print-at-home tickets and threats to leak more data.
- The ongoing investigation into the data breach is focusing not only on the hackers involved but also on the method of intrusion, the type and amount of data stolen, and the current status of the breach, with law enforcement agencies trying to mitigate further damage in crime-and-justice matters.
