In a recent development, hackers have leaked what they claim is Ticketmaster barcode data for 166,000 tickets to Taylor Swift's Eras Tour. The hackers issued a warning, stating that more event data would be leaked unless their $2 million extortion demand is met. This leak comes after a previous data breach where a threat actor named ShinyHunters sold data on 560 million Ticketmaster customers for $500,000.

Ticketmaster had confirmed the previous data breach, explaining that it originated from their account on Snowflake, a cloud-based data warehousing company utilized by the enterprise for database storage, data processing, and analytics. The breach occurred when threat actors began downloading Snowflake databases of at least 165 organizations using stolen credentials acquired through information-stealing malware. The affected companies include Neiman Marcus, Los Angeles Unified School District, Advance Auto Parts, Pure Storage, and Satander.

Now, a new threat actor called Sp1d3rHunters has leaked what they claim to be the ticket data for 166,000 Taylor Swift Eras Tour barcodes, which are used for entry into various concert dates. Sp1d3rHunters had previously been associated with the sale of data stolen from Snowflake accounts and public extortion attempts targeting different companies. In an extortion demand shared by the threat intel service HackManac, the hackers demanded $2 million or threatened to leak the information of over 680 million users, along with 30 million additional event barcodes, including those for upcoming Taylor Swift concerts in Miami, New Orleans, and Indianapolis.

The post also included a small sample of the alleged barcode data, which contained scannable barcode values, seat information, ticket face values, and other details. Sp1d3rHunters even shared instructions on how to convert the leaked data into a scannable barcode.

Although the barcode data was not initially part of the leaked samples released by the threat actors in May, some of the newly leaked data overlaps with the previous breach, including hashed credit card and sales order information for the tickets. ShinyHunters, the group responsible for these attacks, has a history of carrying out numerous data breaches, including those impacting 386 million user records from 18 companies in 2020, an AT&T breach affecting 70 million customers, and the recent leak of 33 million phone numbers associated with the Authy multi-factor authentication app.

Furthermore, Ticketmaster has responded to the incident, stating that their unique barcodes are constantly updated every few seconds through their SafeTix technology. This ensures that the stolen tickets cannot be used. Ticketmaster emphasized that this is just one of several fraud protection measures implemented to maintain the safety and security of tickets. The company also refuted claims made by ShinyHunters, stating that there were no ransom negotiations and denying the alleged $1 million offer to delete the data.

As the investigation continues, affected customers and organizations are advised to remain vigilant for any suspicious activity and to follow any guidance provided by Ticketmaster regarding potential security measures.