Cybersecurity experts have shared advice on what Ticketmaster customers can do after a major data breach – and how to avoid being hacked online.
Dark web group Shiny Hunters claims to have stolen the personal data of 560 million people, with Australians and New Zealanders among the victims.
Ticketmaster and its parent company Live Nation have been ordered to pay a $750,000 ransom on the dark web or risk having the information leaked.
Monash University’s Professor Nigel Phair, from the Department of Software Systems and Cybersecurity, called out lawmakers for failing to comply with cybersecurity laws.
‘Significant data breaches are all too common. “The current legislative approach is clearly not working as organizations are still not putting enough effort into cyber risk management,” he said.
“There are more than five million Australian and New Zealand Ticketmaster account holders. They will be concerned about the loss of personal information including names, addresses, passwords, credit card numbers, etc. and where it might end up on the dark web.”
Ticketmaster and parent company Live Nation were targeted by the dark web group Shiny Hunters
Monash University Professor Nigel Phair (pictured), from the Department of Software Systems and Cybersecurity, warned ‘there’s not much you can do’ if you leak information online
Professor Phair also called out Ticketmaster for its lack of accountability since the hack.
“Part of the problem is that nothing has come out of Ticketmaster yet, which is really worrying that they’ve been quiet and that doesn’t help anyone,” he told Daily Mail Australia.
‘Customers need to know whether they have had to deal with it or not. It is believed that they are going by what the criminal group has said.
‘We need a definitive answer from the company and it is a mistake for them not to actively engage with their customer base to explain what happened, how it happened and what they are doing to resolve the issue .’
Ticketmaster has not released a statement on the hack and did not respond to Daily Mail Australia’s request for comment.
While the Ticketmaster hack has revived concerns about cyber security, Professor Phair urged people to be highly skeptical of any messages they receive as a first step in staying safe online.
“We have so many breaches. People need to be hyper-vigilant in the online environment at all times,” he said.
On Ticketmaster-specific concerns, Professor Phair warned customers to consider what information has been shared with the website and how scammers can use it.
“Be on the lookout for phishing emails, text messages and phone calls,” he said.
‘They have to think about how they are logged in. If their login details have been made public, this will be their username and password.
‘Unfortunately, many of us reuse the same password for a number of different logins, so people should think about changing these if they are used on multiple platforms.’
However, once data is leaked, it can be difficult to undo the damage.
Professor Phair blamed Ticketmaster’s ‘monopoly’ on the ticket market for failing to foster competition, which would likely include companies with better cyber security.
‘There are many things you have no control over. “If you want to go to a sporting event on the weekend, you go to the website where you enter your credit card details,” he said.
‘You hope that the organization you are dealing with carries out a competent risk management assessment and protects people’s personal information, including names, addresses, email addresses and credit card details.
“Once they’re leaked, there’s not much you can do.”
Professor Phair warned all Ticketmaster users to ‘actively look at their accounts’.
“They should check bank accounts to see if their credit card details are being used and ensure no unauthorized or suspicious transactions are taking place,” he said.
Professor Phair urged people to be highly skeptical of any messages they receive as their contact details may have been leaked
When asked whether online companies, such as Ticketmaster, can trust their customers’ credit card details, Professor Phair’s simple answer was: ‘No.’
“They are being hacked this way and they are being exposed,” he said.
‘There are mechanisms around banking and finance usage, so there isn’t the full storage of the full 16 numbers, expiry dates and CVV.
“But again, we don’t know if Ticketmaster allowed themselves these security measures or if they just stored them in plain text.
“It goes back to my original statement that we just haven’t heard from them. It’s terrible.’
Cyber Security Cooperative Research Center CEO Rachael Falk also warned Australians to be careful online.
“Hacking groups like Shiny Hunters are just one of many organized crime groups undertaking these types of operations,” she said.
‘They can quickly change shape to avoid the police. They target companies with large amounts of personal data.
“Their currency steals personal data to sell to other cybercriminals.”
Ms Falk shared her top four tips to avoid being hacked, as ‘even the most secure systems can have vulnerabilities and these hacking groups are getting smarter every day’.
Professor Phair blamed Ticketmaster’s ‘monopoly’ in the ticket market for failing to encourage competition, which would likely include companies with better cyber security
“Change your password regularly and don’t use the same password more than once,” she said.
‘Install any security updates or patches on your devices.
‘Always check your credit or debit card charges: look out for unusual activity on your debit card and report anything suspicious to your bank.
‘Don’t open suspicious emails or text messages. Always go to the official website or app to check updates or offers.’
Customers whose information has been exposed are at risk of financial fraud and identity theft.
The Home Office is aware of the hack and is working with Ticketmaster to ‘understand the incident’.
Ticketmaster is a subsidiary of Live Nation, active in 32 countries around the world.