ReutersA group of hackers said they stole the personal information of 560 million Ticketmaster customers.
ShinyHunters, the group claiming responsibility, said the stolen data included the names, addresses, phone numbers and some credit card information of Ticketmaster users around the world.
The hacking group reportedly demanded a ransom of $500,000 (£400,000) to prevent the data from being sold to others.
The Australian government said it was working with Ticketmaster to resolve the issue. A spokesperson for the US Embassy in Canberra told AFP that the FBI had also offered assistance.
“The Australian Government is aware of a cyber incident affecting Ticketmaster,” a spokesperson for the Australian Department of Home Affairs said in a statement to BBC media partner CBS News.
“The National Cyber Security Agency is working with Ticketmaster to understand the incident.”
US website Ticketmaster, one of the world’s largest online ticket sales platforms, has not yet confirmed whether a security breach occurred.
Cybersecurity experts warn the claims may be false, but Australian authorities, where they were first reported, have confirmed they are investigating.
An advertisement containing some samples of data believed to have been obtained as a result of the breach was posted on the website of BreachForums, a newly launched hacking forum.
ShinyHunters has been linked to a series of high-profile data breaches that have resulted in millions of dollars in losses for the companies involved.
In 2021, the group sold a physical database of information stolen from 70 million customers of US telecommunications company AT&T.
Last September, data on about 200,000 Pizza Hut customers was leaked in Australia.
EPAThe recent hacking allegations coincide with the relaunch of BreachForums, a dark website where other hackers buy and sell stolen data and information that enables hacking.
The FBI cracked down on the domain in March 2023, arresting its administrator, Connor Brian Fitzpatrick, but the domain resurfaced, according to tech media.
Forum users often inflate the scale of their hacks to attract the attention of other hackers.
Large theft databases are often where they first appear, but there can also be false claims and assertions.
“If Ticketmaster has suffered a breach of this scale, it is important to notify customers, but it is also important to consider that sometimes criminal hackers make false or exaggerated claims about data breaches, so people may be overly concerned until a breach is confirmed. You shouldn’t do it.” says security researcher Kevin Beaumont.
Individuals who reported large amounts of data in the past have proven that it is a duplicate of a previous hack rather than newly stolen information.
However, if confirmed, this hack could be the most serious breach ever in terms of the size and scale of data stolen.
This isn’t the first time Ticketmaster has had security issues.
In 2020, it admitted to hacking one of its competitors and agreed to pay a $10 million fine.
In November, a cyberattack reportedly disrupted ticket sales for Taylor Swift’s Era tour.
Earlier this month, U.S. regulators filed a lawsuit against Ticketmaster’s parent company, Live Nation, accusing the entertainment giant of using illegal tactics to maintain its monopoly on the live music industry.
The Justice Department’s lawsuit said the company’s practices excluded competitors, raised ticket prices and worsened customer service.
The BBC has contacted Live Nation for comment.
