Hackers claimed this week that they had obtained the barcode data for hundreds of thousands of tickets to Taylor Swift’s Eras tour, demanding that Ticketmaster pay millions in ransom or they would leak the information online.
The hacking group posted samples of the data on an online forum – ticket data for Swift’s shows in Indianapolis, Miami and New Orleans – and claimed to have another 30 million barcodes for other high-profile concerts and sporting events.
The ransom messages on the online forum came from the hacking group ShinyHunters and an account that appeared to be associated with it, called Sp1d3rHunters. The group has a history of claiming responsibility for major hacks against companies, including Santander Bank, AT&T, Microsoft and others.
Ticketmaster denied offering money to the hackers, who had not spoken to the company about the ransom, according to a statement from parent company Live National Entertainment. Ticketmaster also said its ticketing technology prevented such leaked barcodes from being used as tickets by refreshing barcodes every few seconds.
Hopeful Swifties will likely be unable to attend their icon’s world tour with a fraudulently obtained ticket. While the data appeared to be from the hacking group’s massive breach of Ticketmaster and Live Nation earlier this year, cybersecurity experts who investigated the breach agreed that the stolen data would not have been useful for gaining access to an arena. The data couldn’t have been used for tickets because Ticketmaster’s mobile app uses dynamic barcodes, experts said, while the data in the hack is static.
“That data is almost certainly not enough to get someone to create a barcode to get in,” said Don Smith, vice president of cybersecurity firm Secureworks. “When you’re doing events of the size and scale of the Eras tour, you’re not going to make it easy for someone to just get into a database and create a fake ticket.”
While ShinyHunters was able to access Swift’s ticket data, which includes information on tickets for nine upcoming dates in the three U.S. cities, experts say companies like Live Nation have more sophisticated measures in place to prevent that data from actually being used to steal tickets.
“If the intention was for all future Eras tour dates to be absolute chaos, I don’t think so,” Smith said.
The Live Nation ransom threat is part of a broader surge in cyberattacks and ransomware in recent years. The attacks have targeted large corporations and public institutions, with analysts estimating that victims will pay $1.1 billion in ransoms by 2023. The U.K.’s National Health Service is still reeling from a devastating attack by a Russia-based ransomware gang in June.
Earlier this year, ShinyHunters reportedly hacked a third party to gain access to Ticketmaster data, including names, partial payment information, phone numbers, ticket sales and other information on approximately 560 million customers. LiveNation confirmed the hack in a filing with the U.S. Securities and Exchange Commission in May, after ShinyHunters claimed responsibility for the attack.
The hack added to Live Nation’s numerous public relations and legal problems. The U.S. Department of Justice sued the company in May, alleging that the company was illegally monopolizing ticket sales and attempting to break them up. Live Nation has also faced criticism for its handling of Swift’s Eras tour, with a botched sales process that led to hours-long wait times, an inability to keep up with customer demand and tickets being resold for exorbitant prices. Swift herself has repeatedly criticized the company.
Swift’s tour has been the target of cyberattacks before. In February, hackers broke into Australian events company Ticketek, accessing individual accounts and reselling tickets for the Eras tour. The company set up pop-up booths outside Swift’s shows where fans could report their concerns and potentially get their tickets refunded.
ShinyHunters also claimed responsibility for gaining access to the bank and credit card numbers of approximately 30 million customers and employees at Santander Bank earlier this year. The group attempted to sell that information to the highest bidder. In May, the FBI and U.S. Department of Justice seized the online forum ShinyHunters used to post information and ransom threats from its Live Nation and Santander hacks, but another site quickly emerged.