As discussed in our previous blog post, The Resurgence of Major Data Breaches?, a potential data breach involving Ticketmaster surfaced on deep and dark web forums in May 2024, and we want to analyze it as a sample data breach. The original breach, as shown in the accompanying image below, was posted by a user named ShinyHunters on May 28, 2024. This breach includes data on 560 million customers and 1.3TB of detailed information, including full names, addresses, emails, phone numbers, ticket sales, event information, order details, credit card details, customer fraud details, and more. The data was offered for sale at a price of $500,000 USD.
Recently, another user named Sp1d3r seems to have become more prominent on the forum, possibly because ShinyHunters has fallen back to a more secondary role. Sp1d3r advertised the data on the forum, indicating that the potential data breach affected 680 million customers, with the data available for $100,000 USD. In addition to selling the entire 680M data set, Sp1d3r has offered a sample of the first million records to all users.
Constella Intelligence obtained the 1 million records sample offered in the forum and analyzed it, providing a glimpse into the scale and severity of the incident. The sample dataset includes:
Analyzing the sample dataset provides several important statistics that illustrate the scope and impact of the potential breach. These statistics offer a quantitative perspective on the breach, helping to understand the extent of the data exposure and identify trends that could inform future protective measures.
The exposure of such detailed and sensitive information in the potential data breach poses several significant risks to the affected individuals. At Constella, in our experience, we are seeing many spear phishing attacks that use credit card data or payment methods as inputs for AI models trained to generate realistic, targeted phishing attacks.
Spear phishing is a targeted attack aimed at stealing sensitive information from a specific individual by posing as a trusted entity. Unlike mass phishing, it is highly personalized and tailored using detailed information from breaches.
With access to names, email addresses, financial information, payment methods, web session cookies and transaction histories, threat actors can create highly convincing emails that appear legitimate using existing AI tools (LLMs such as WormGPT, HackerGPT or DarkBERT, or even prompt jailbreaking of corporate LLMs).
As in the previous example, an email might reference recent user purchases or use personal financial information to make the message more believable. The use of AI can enhance the realism and effectiveness of these scams, making it harder for individuals to distinguish fraudulent emails from legitimate ones.
If the information published by “Sp1d3r” is accurate, Constella recommends taking the following actions:
By following these specific recommendations, individuals can better protect their personal information and mitigate the impact of data breaches like the one potentially experienced by Ticketmaster.
*** This is a Security Bloggers Network syndicated blog from Constella Intelligence authored by Alberto Casares. Read the original post at: https://constella.ai/analyzing-ticketmaster-sample-data-breach-key-insights-and-implications/