A man alleged to be the ringleader behind the Ticketmaster data hack earlier this year could face extradition to the US after being arrested in Canada.
Alexander “Connor” Moucka was detained on 30 October following a request from the US government and appeared in court later that day, and again on Tuesday (5 November).
Moucka is suspected of being part of a group that targeted more than 160 companies that were customers of cloud-based data storage company Snowflake.
“As extradition requests are considered confidential state-to-state communications, we cannot comment further on this case,” says Ian McLeod, spokesperson for Canada’s Department of Justice, as per Bloomberg.
It was reported in May that hackers had stolen the personal details of 560 million Ticketmaster customers, prompting an investigation by Live Nation. Other firms reportedly targeted included Disney, Roku and telecoms giant AT&T.
A multi-million dollar class action lawsuit was filed against Ticketmaster and Live Nation in California in October, alleging negligence
The ShinyHunters hacking group was said to be demanding a US$500,000 ransom payment for the 1.3 TB of stolen data, which allegedly includes partial credit card details, customer names, addresses and emails.
“Live Nation… identified unauthorised activity within a third-party cloud database environment containing company data (primarily from its Ticketmaster L.L.C. subsidiary) and launched an investigation with industry-leading forensic investigators to understand what happened,” it said in a regulatory filing with the US Securities and Exchange Commission (SEC).
A class action lawsuit against Ticketmaster and Live Nation over the hack was filed in California last month, alleging negligence, and is seeking $5 million in damages.
“Plaintiff brings this class action against defendant for its failure to properly secure and safeguard the personally identifiable information of its customers.”
The suit alleges that Ticketmaster did not discover the breach, which took place on 2 April, until nearly seven weeks later and did not inform users until 17 July.
Get more stories like this in your inbox by signing up for IQ Index, IQ’s free email digest of essential live music industry news.
Live Nation has launched an investigation after confirming that its Ticketmaster subsidiary has suffered a data leak.
It was reported last week that hackers had stolen the personal details of 560 million Ticketmaster customers, with a spokesperson for Australia’s department of home affairs saying it was “working with Ticketmaster to understand the incident”.
The ShinyHunters hacking group is said to be demanding a US$500,000 (€462,000) ransom payment for the 1.3 TB of stolen data, which allegedly includes partial credit card details, customer names, addresses and emails.
In a regulatory filing with the US Securities and Exchange Commission (SEC), Live Nation says the hack was detected on 20 May.
“On May 20, 2024, Live Nation… identified unauthorised activity within a third-party cloud database environment containing company data (primarily from its Ticketmaster L.L.C. subsidiary) and launched an investigation with industry-leading forensic investigators to understand what happened,” says the statement.
“On May 27, 2024, a criminal threat actor offered what it alleged to be company user data for sale via the dark web. We are working to mitigate risk to our users and the company, and have notified and are cooperating with law enforcement. As appropriate, we are also notifying regulatory authorities and users with respect to unauthorised access to personal information.
“As of the date of this filing, the incident has not had, and we do not believe it is reasonably likely to have, a material impact on our overall business operations or on our financial condition or results of operations. We continue to evaluate the risks and our remediation efforts are ongoing.”
Meanwhile, AEG Presents CEO Jay Marciano has weighed in on the US Department of Justice’s (DOJ) antitrust lawsuit against Live Nation, branding LN a “monopoly”.
In a memo to staff obtained by Variety, Marciano said: “AEG has long maintained that Ticketmaster has a monopoly in the US ticketing marketplace and uses that monopoly power to subsidise Live Nation’s content businesses, preventing other businesses from competing in those areas and leaving consumers to suffer the consequences.
“As you know, the cornerstone of Live Nation’s monopoly is Ticketmaster’s exclusive ticketing contracts with the vast majority of major concert venues in the United States. These agreements block competition and innovation and result in higher ticketing fees, denying artists the ability to choose who will ticket their shows and how much their fans should pay.”
In response, Live Nation’s Dan Wall says in a statement: “This is why antitrust protects competition, not competitors trying to use the courts to advance their own interests. AEG supports this case — indeed, begged DOJ to file it — because it doesn’t want to pay artists market rates or convince venues to adopt its second-rate ticketing system exclusively.
“Its complaints about service charges are hypocritical since it could lower AXS service charges today if it really cared about that. Self-serving arguments like these are common in antitrust cases, but rightly ignored.”
Live Nation’s share price has risen slightly today to US$93.74, giving the company a market capitalisation of $21.7 billion.
The personal data of tens of thousands of attendees of Tomorrowland 2014 has been compromised in a suspected cyberattack, the festival has confirmed.
Personal information of 64,000 people who bought tickets through Paylogic, including names, email addresses and postcodes, may have been stolen after hackers gained access to an old festival database, although sensitive data such as payment information was not affected, according to Tomorrowland press coordinator Debby Wilmsen.
Speaking to Flemish-language daily De Standaard, Wilmsen says the Belgian festival, one of the world’s largest electronic dance music (EDM) events, reported the breach to the Dutch Data Protection Authority before contacting customers.
“The managers of the Paylogic ticketing system noticed some unusual activity on an older system,” she explains. “After careful analysis, it appeared that an old database from Tomorrowland 2014 was responsible. The server in question was immediately taken offline.”
“When we were informed about this by Paylogic, we first informed the Data Protection Authority. We then decided to send an email to all affected visitors to inform them.”
The data that was compromised, she adds, “only contains [visitors’] names, email address, gender, age and postal code. The payment details, passwords and addresses of the users are not included.”
News of the Paylogic breach follows similar hacks of other ticketing systems, including Ticketmaster and, more seriously, Eventbrite’s Ticketfly, both this summer.
In a statement, Paylogic (now owned by France’s Vivendi) says it has “taken all necessary actions” to prevent access to other old databases. “We also continue to invest in the security of our system,” it adds. “This incident only affects Tomorrowland 2014 and not our other customers.”
Eventbrite is facing a class-action lawsuit over allegations Ticketfly’s “lax cybersecurity procedures” allowed hackers to gain access to 27 million customers’ personal data in May’s cyberattack.
Personal information including names, addresses, email addresses and phone numbers was stolen in the data breach, which led to a week-long shutdown of all Ticketfly services, as well as a number of Ticketfly.com-based venue websites, and forced several promoter partners to push back onsales or migrate to parent company Eventbrite’s platform.
While Ticketfly moved quickly to reassure clients it “takes privacy and security very seriously”, a lawsuit filed in Cook County, Illinois, on Tuesday claims otherwise, accusing the company of consumer fraud, deceptive practices, breach of contract and negligence for its supposedly poor web security – including allegedly failing to heed hackers’ warnings in the run-up to the attack – and an inadequate response once it was discovered.
Ticketfly/Eventbrite’s “lax cybersecurity procedures” allowed hackers to gain access to her and others’ personal information, says lead plaintiff Shanice Kloss, with the company allegedly failing to “take reasonable measures” to “mitigate the vulnerability”, despite hackers making contact ahead of the attack.
Additionally, claims Kloss, Ticketfly failed to notify her that her data had been compromised, instead limiting its immediate response to a “passive support page” on the Ticketfly website and a “single tweet on social media”. Consequently, she says, she did not learn about the hack until September, months after her personal data was accessed.
Kloss, represented by Jad Sheikali and William Kingston of Chicago’s McGuire Law, seeks unspecified damages and a court order forcing Ticketfly to improve its cybersecurity.
Eventbrite declined to comment.
The recent Ticketmaster data breach formed part of a “massive digital credit card-skimming campaign” that affected more than 800 other websites, according to a leading cyber-security company.
The breach, announced in late June, involved malicious software on a customer-support product hosted by a third-party supplier, Inbenta Technologies, that ran on Ticketmaster International, Ticketmaster UK, Get Me In! and TicketWeb websites. Those potentially affected are British customers who bought or attempted to buy tickets between February and 23 June 2018, and international customers who used the service between September 2017 and 23 June 2018.
While the hack was initially thought to be an isolated incident, a new report by security firm RiskIQ, Inside and Beyond Ticketmaster: The Many Breaches of Magecart, reveals the compromised Inbenta plug-in also ran on hundreds of other websites, including “many of the most frequented ecommerce sites in the world”.
According to RiskIQ, the attack was undertaken by a hacking group, Magecart, which placed a “digital skimmer” – an internet version of the physical ‘skimmers’ hidden in credit-card readers in shops and cash machines – on the Ticketmaster sites via Inbenta.
In addition to the Inbenta Technologies software, the RiskIQ report continues, Magecart injected its skimmer into another third-party supplier, SociaPlus, which is running on other Ticketmaster websites, including Ticketmaster Germany and Ticketmaster Australia.
Also affected is a third supplier, known as PushAssist, which provides analytics for websites, says RiskIQ.
Describing the Ticketmaster incident as “the tip of the iceberg”, the report’s authors, Yonathan Klijnsma and Jordan Herman, say: “The Ticketmaster incident received quite a lot of publicity and attention, but the Magecart problem extends to ecommerce sites well beyond Ticketmaster, and we believe it’s cause for far greater concern. We’ve identified over 800 victim websites from Magecart’s main campaigns, making it likely bigger than any other credit card breach to date. In the case of a single, highly targeted campaign we dubbed SERVERSIDE, we identified nearly 100 top-tier victims, mainly online shops of some of the largest brands in the world.
“Even more disturbing, the Ticketmaster breach demonstrates that the Magecart actors are continuing to refine their techniques and get better at target selection. Previously, they compromised individual websites and added new Javascript or links to remote Javascript files, but they seem to have [got] smarter – rather than go after websites, they’ve figured out that it’s easier to compromise third-party suppliers of scripts and add their skimmer. In some cases, compromising one of these suppliers gives them nearly 10,000 victims instantly.
“Currently, the publicly reported breaches are wrongly interpreted and sometimes aren’t breaches at all. They’re all part of the operation of Magecart, a single group that many reports fail to identify, which is spreading faster and wider than ever before.”
RiskIQ first identified the existence of Magecart – which has previously compromised the websites of publisher Faber and Faber and fashion brands Guess and Rebecca Minkoff – in October 2016.
Ticketmaster customers have been warned that they could be at risk of identity theft after the company yesterday confirmed that data had been compromised in an extensive data breach. The breach involved malicious software on a customer support product hosted by an external third-party supplier, Inbenta Technologies.
The product ran on Ticketmaster International, Ticketmaster UK, Get Me In and TicketWeb websites. Those potentially affected are UK customers who bought or attempted to buy tickets between February and 23 June 2018 and international customers who used the service between September 2017 and 23 June. Those thought to be affected have been notified.
Ticketmaster is advising those affected to change their passwords on their next sign-in and monitor their account statements for evidence of fraudulent activity. Impacted customers are also being offered a free 12-month identity monitoring service with a leading provider. On a dedicated website set up to address the questions of those affected, Ticketmaster says it is working with relevant authorities, credit card companies and banks, as well as forensic teams and security experts.
Ticketmaster serves over 230 million customers worldwide each year, though it believes less than 5% have been affected by the breach.
The Guardian is reporting that a number of Ticketmaster customers have already experienced fraudulent activity on their accounts. According to the newspaper, people have identified unauthorised transfers using the service Xendpay and unauthorised purchasing of Uber gift cards and payments to Netflix.
This data breach is the second event of its kind involving a ticketing company in recent weeks. Earlier this month, leading US ticketing platform Ticketfly was involved in a cyber attack which led to the data from 27 million accounts being compromised.
Both events are particularly timely, coming just a month after the adoption of the new European General Data Protection Regulation (GDPR) on 25 May. GDPR requires all companies, even those outside of the EU, to ensure that data belonging to European citizens be treated with “an appropriate level of security”.