Sp1d3rHunters threat actor leaks barcode data for 166,000 Taylor Swift concert tickets after Ticketmaster fails to pay ransom.
Hackers have escalated their extortion efforts against Ticketmaster by leaking what they claim is barcode data for 166,000 Taylor Swift concert tickets. The threat actors, known as Sp1d3rHunters, had issued a $2 million ransom demand to Ticketmaster, threatening to disclose more user data and event barcode information if it went unpaid.
Sp1d3rHunters is the same group behind the sale of data stolen from Snowflake accounts in April 2022. Snowflake is a cloud data warehouse that Ticketmaster uses to store customer databases. The hackers used stolen credentials to download data from over 165 companies using Snowflake.
The leaked Taylor Swift ticket details reportedly contain barcode values, seat information, face value and other fields that could potentially be used to recreate scannable tickets. Ticketmaster disputes that usable tickets can be recreated, citing its SafeTix technology, which refreshes barcodes, but the leak still poses privacy and commercial risks.
The extortionists claim to have 680 million Ticketmaster user records and barcode information for 30 million additional events, including Pink, Sting, Formula 1, MLB and NFL games.
“Pay us $2million USD or we leak all 680M of your users information and 30million more event barcodes including: more Taylor Swift events, P!nk, Sting, Sporting events F1 Formula Racing, MLB, NFL and thousands more events,” reads the extortion demand first shared by threat intel service HackManac.
The group warned of further disclosures if Ticketmaster did not pay the $2 million ransom. Ticketmaster, however, stated that it did not negotiate with the criminals and considers the leaked barcodes unusable because of its countermeasures.
This is the latest escalation in a long-running Ticketmaster extortion campaign. The same threat group, ShinyHunters, was behind the May sale of 560 million stolen Ticketmaster customer records and a previous data breach at telecom giant AT&T affecting 70 million users.
They also leaked phone numbers registered with Authy’s multi-factor authentication service.
The spree of recent mega breaches involving Snowflake highlights the risks of compromised cloud account credentials. Even with advanced ticket security, the Taylor Swift ticket leak underscores concerns over stolen user data and the potential commercial impact of such disclosures on live entertainment events.