ShinyHunters posted on Tuesday night in a hacking forum that it obtained data from Ticketmaster and its parent company, Live Nation, including customers’ names, addresses, emails, phone numbers, and order details, Cyber Daily wrote. The group is reportedly attempting to sell the stolen data for $500 million.

From this other link: https://www.abc.net.au/news/2024-05-29/ticketmaster-hack-allegedlyshinyhunter-customers-data-leaked/103908614

It said 1.3 terabytes of customer data possessed by Ticketmaster including names, addresses, credit card numbers, phone numbers and payment details is up for sale.

  • 0110010001100010@lemmy.world
    link
    fedilink
    English
    arrow-up
    138
    ·
    6 months ago

    I’ll look forward to my $0.50 check and exactly zero consequences for the higher-ups that I’m sure slashed IT/cybersecurity budgets.

    • Lost_My_Mind@lemmy.world
      link
      fedilink
      English
      arrow-up
      87
      ·
      6 months ago

      “Did you cut security staff?”

      “Yes.”

      “How much?”

      “70%”

      “And did that lack of security cause a security breach?”

      “Yes.”

      “And how much money did that cost us?”

      “2 million dollars.”

      “And how much did the security team that was let go cost us?”

      “$500,000 per year.”

      “So, we break even after 4 years, and profit after 5?”

      “Uhhhhhhh…I guess?”

      “Good work Johnson”.

      • 0110010001100010@lemmy.world
        link
        fedilink
        English
        arrow-up
        58
        ·
        6 months ago

        heh, you don’t know how true this is. I’ve worked in IT for 2 decades. IT is pretty much always seen as a cost center.

        If everything is running smoothly - “what are we paying you for?!”

        If everything is on fire - " What are we paying you for!?"

        And now with companies getting the tiniest of slaps on the wrists for willful negligence it’s cheaper to cut IT funding, outsource it, whatever.

        If the cost of the fine is less than the profits gained by doing “x” then that’s just the cost of doing business. Execs will continue to do this until there are real consequences for the company and them directly.

        • Alphane Moon@lemmy.ml
          link
          fedilink
          English
          arrow-up
          13
          ·
          6 months ago

          Until there are proper incentives for executives (e.g. full asset seizure and mandatory multi-year community service in roles such as junior janitor, junior hospice care specialist, live-in support for late stage alzheimer’s patients) that require them to take ownership and responsibility for their actions (or lack of thereof), this will continue.

          Just look at the 2017 Equifax breach in the US:

          Wikipedia background:

          An Equifax internal audit in 2015 showed that there was a large backlog of vulnerabilities to patch, that Equifax wasn’t following its own timescales on patching them, that IT staff did not have a comprehensive asset inventory, that Equifax didn’t consider how critical an IT asset was when prioritising patches, and that the patching process worked on an ‘Honour system’. The report set out actions to improve the process, but the time of the breach, two years later, many of them had not been completed.

          Equifax press release states that CIO and CSO can now enjoy retirement:

          As part of the company’s ongoing review of the cybersecurity incident announced September 7, 2017, Equifax Inc. (NYSE: EFX) today made personnel changes and released additional information regarding its preliminary findings about the incident.

          The company announced that the Chief Information Officer and Chief Security Officer are retiring.

          Richard Smith, the CEO under whose watch this happened, got to retire at the ripe old age of 57 and got a nice bonus of $90 M

          Richard Smith, 57, is the third Equifax executive to retire under pressure following the company’s massive data breach revealed earlier this month, putting the personal information of as many as 143 million people at risk.

          But the CEO is still set to collect about $72 million this year alone (including nine months’ worth of his $1,450,000 salary), plus another $17.9 million over the next few years. That’s when the rest of Smith’s stock compensation hits a few important milestones or “vests,” allowing Smith to essentially put it in his bank account. Altogether, it adds up to a total potential paycheck of more than $90.1 million, according to Fortune’s calculations based on Equifax securities filings.

          • brbposting@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            2
            ·
            6 months ago

            Are you salivating at the mere thought of this, then?

            Amazon execs may be personally liable for tricking users into Prime sign-ups

            • Alphane Moon@lemmy.ml
              link
              fedilink
              English
              arrow-up
              3
              ·
              6 months ago

              This is a start, but the fact that they come up with this:

              Executives had urged the court to dismiss the FTC’s claims against them. They argued that the FTC “singled them out ‘for an ‘unprecedented sanction’” when the agency had “only recently started prosecuting companies for using ‘dark patterns’” under Restore Online Shoppers’ Confidence Act (ROSCA) and the FTC Act. They claimed that the FTC never alerted them to any wrongdoing before filing the lawsuit, so how could they have known they were violating the law?

              Suggests that they are not being serious.

              And I doubt the fine will be sufficient for them to re-evaluate their attitudes. What we need is full asset seizure (every last cent, home, car, everything) and to send them to do a decade as junior support personnel at a late stage Alzheimer’s care facility (my dad had Alzheimer, so I am not being callous for the sake of it).

              They can also do 20 years in prison with no parole if they are too good for community service.

              • Pips@lemmy.sdf.org
                link
                fedilink
                English
                arrow-up
                2
                ·
                6 months ago

                I’m not sure how that’s indicative of the FTC not being serious? You’re quoting a defense argument, of course they’re going to argue the agency is wrong.

                • Alphane Moon@lemmy.ml
                  link
                  fedilink
                  English
                  arrow-up
                  2
                  ·
                  6 months ago

                  With respect to the US regulatory/judicial actions, I find it difficult to believe that they will be sufficient to nudge the criminals towards genuine self-reflection and a desire to change their behaviour. Similarly, other criminals are likely see enforcement action as more of a “risk to be managed” as opposed to a strong incentive to re-evaluate their approach to criminal schemes.

                  This is of course not a US only problem, albeit there are countries were consumer rights and business criminality is less socially acceptable.

                  I didn’t interpret their argument as stating “the agency is wrong”. More like “we weren’t told this was wrong, we were one of the caught … so this claim should be dismissed.”

                  I would even go as far as saying that this is a sign of disrespect towards judicial processes.

    • Lost_My_Mind@lemmy.world
      link
      fedilink
      English
      arrow-up
      28
      ·
      6 months ago

      So convenient to automatically give everyone access to your credit card number without any action or knowledge on your end. It happens all on its own.

      • Kairos@lemmy.today
        link
        fedilink
        English
        arrow-up
        7
        arrow-down
        2
        ·
        6 months ago

        👍

        Does anyone have reccomendations for a good (open source) Android keyboard mine doesn’t have a search function for emoji

        • Otter@lemmy.caOP
          link
          fedilink
          English
          arrow-up
          2
          ·
          6 months ago

          I was about to recommend Heliboard since that’s the best one so far IMO, but it also doesn’t have emoji search. Turns out I was using the “recent emojis” menu

          That might help in the meantime till a better recommendation comes around

        • brbposting@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          1
          ·
          6 months ago

          I just want iOS to ALWAYS suggest emoji when one’s available for that word. Never use the autocomplete function on iPhone besides for when it suggests an emoji 😎

          (It worked that time! For “cool”)

        • Lost_My_Mind@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          arrow-down
          2
          ·
          6 months ago

          I was going to reccomend the samsung keyboard specifically BECAUSE it doesn’t have that swiping, or emojis. Yep. Just a good ol standard reliable keyboard. Which means any typos in this message are my own stupid fingers fault.

          …but you WANT emojis in your keyboard. Must be a generational thing.

          /hankhill

  • umbraroze@lemmy.world
    link
    fedilink
    English
    arrow-up
    41
    ·
    6 months ago

    Meanwhile, earlier this month, I had to literally disable quite a few bits of adblocks and other extensions just so that Ticketmaster’s crappy CAPTCHA thing would allow me to even log in. Literally screamed “Why are you pestering me, I’m just trying to buy a ticket to a local car show, not a fucking Madonna concert”

      • umbraroze@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        6 months ago

        Oh last year I paid the ticket in cash, 20€, no problem. This year? 20€, plus 1+bits euros of processing fees. To “deliver” my ticket to the platform of my choice. (…Mobile app.)

        So I went to the car show. They still had the cash booth. Mild failure to communicate. I just dodged the field of view of the booth guys, out of shame, and entered like normal, glad the ticket guards were accommodating.

        Oh I forgot the best part! When I was trying to log on and the security interfered with CAPTCHAs, Ticketmaster reset my password several times. That’s how you know this company take security seriously. /s (Literally no site does this.)

  • OsrsNeedsF2P@lemmy.ml
    link
    fedilink
    English
    arrow-up
    29
    ·
    6 months ago

    Proof they don’t care:

    The company’s share price remained relatively flat following reports of its massive data leak.

  • ShittyBeatlesFCPres@lemmy.world
    link
    fedilink
    English
    arrow-up
    10
    arrow-down
    1
    ·
    6 months ago

    If that data is really worth $500 million, Ticketmaster probably “hacked” itself. One last score before the DOJ breaks them up.

      • pdxfed@lemmy.world
        link
        fedilink
        English
        arrow-up
        9
        arrow-down
        1
        ·
        6 months ago

        Not by venues the size that are whored out to TM, is an option. Just because something is slammed at you 1m times by radio, advertisers, YouTube, etc., you can still choose the music you listen to and like.

        • Lost_My_Mind@lemmy.world
          link
          fedilink
          English
          arrow-up
          7
          ·
          6 months ago

          I’ve been to concert venues that hold 30 max occupants still had to go through ticketmaster for $5 tickets, with $13.79 in fees.

          They are EVERYWHERE.

          • pdxfed@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            ·
            6 months ago

            Didn’t mean to say venues have many options, TM needs to be broken up. Even non-profits and the like have had to sign the Ursula contract with TM as they dominate the industry so

  • YⓄ乙 @aussie.zone
    link
    fedilink
    English
    arrow-up
    5
    ·
    6 months ago

    My brokeass can’t do shit so I will just give you an upvote. Bank refused to give me loan because of my credit rating. The funny part is I never had a credit card or any other loan. Later I found out my that Tangerine Telecom fucked me by giving my data to hackers and someone used my info to get a credit card.

  • Austin@lemmy.zip
    link
    fedilink
    English
    arrow-up
    5
    ·
    6 months ago

    Unfortunately it was just another Wednesday for the higher ups there. Sigh.