Ticketmaster has confirmed that they experienced a data breach.
According to the New York Times, the ticketing platform revealed in a federal filing on Friday that the hacker group ShinyHunters claimed responsibility for stealing information from over 500 million customers.
Live Nation Entertainment, Ticketmaster’s parent company, identified “unauthorized activity” in a third-party cloud database.
ShinyHunters, who have reportedly been active since around 2020, have previously targeted companies including Microsoft and AT&T, and are believed to aim to secure personal records and sell them.
The breach was first revealed on Tuesday on a forum called BreachForums where the group said they had data of 560 million Ticketmaster customers, including credit card numbers and ticket sales. The group supposedly demanded $500,000 for the data, which was said to be 1.3 terabytes.
It’s not clear when the breach itself took place but the illegal activity was detected by Ticketmaster on May 20.
“We are working to mitigate risk to our users and the company, and have notified and are cooperating with law enforcement,” read the filing, per the NY Times. “As appropriate, we are also notifying regulatory authorities and users with respect to unauthorized access to personal information.”
Live Nation also added in the filing that they did not believe the data hacking would have “a material impact on our overall business operations or on our financial condition or results of operations.”
Brett Callow, a threat analyst for cybersecurity firm, Emsisoft, told the New York Times that it’s advised to change your Ticketmaster passwords as a precaution, even though there is no evidence that passwords were compromised.
The breach comes on the heels of Ticketmaster scrutiny making headlines, as the Justice Department announced last month it was suing Live Nation for maintaining an alleged illegal monopoly in the live entertainment industry.