Cybersecurity experts have shared advice on what Ticketmaster customers can do following a massive data breach – and how to avoid getting hacked online.
Dark web group Shiny Hunters claims to have stolen the personal information of 560million people, with ns and New Zealanders among the victims.
Ticketmaster, and its parent company Live Nation, have been ordered to pay a ransom of $750,000 on the dark web or risk the information being leaked.
Monash University professor Nigel Phair, from the Department of Software Systems and Cybersecurity, called out lawmakers for failing to keep up with cybersecurity laws.
‘Significant data breaches are becoming all too common. The current legislative approach is clearly not working as organisations are still not putting sufficient effort into cyber risk management,’ he said.
‘There are over five million n and New Zealand Ticketmaster account holders, they will be concerned about any loss of personal information, including names, addresses, passwords, credit card numbers, etc. and where this may end up on the dark web.’
Professor Phair also called out Ticketmaster for its lack of accountability since the hack.
‘Part of the problem is nothing has come out of Ticketmaster yet, which is really quite concerning that they’ve been silent and that doesn’t help anyone,’ he told Daily Mail .
‘Customers need to know whether they’ve been caught up in it or not. There is an assumption they have going by what the the criminal group has said.
‘We need a definitive response from the company and it’s a failure on their behalf to not be actively engaging with their customer base to explain what’s happened, how it’s happened and what they’re doing to remediate the problem.’
Ticketmaster has not released a statement about the hack and did not respond to Daily Mail ‘s request for comment.
While the Ticketmaster hack has renewed cybersecurity concerns, Professor Phair urged people to be very skeptical of all messages they receive as the first step of staying safe online.
‘We have so many breaches. People need to be hyper vigilant at all times in the online environment,’ he said.
As for Ticketmaster-specific concerns, Professor Phair warned customers to think about what information has been shared with the website and how scammers could use it.
‘Be on the lookout for phishing emails, texts and phone calls,’ he said.
‘They need to think about how they logged on. If their credentials have been exposed, it’s going to be their username and password.
‘Unfortunately, alot of us reuse the same password across a number of different logins so people need to think about changing those if they’re used across multiple platforms.’
However, once data has been leaked it can be difficult to undo the damage.
Professor Phair blamed Ticketmaster’s ‘monopoly’ over the ticket market for failing to incite competition, which would likely include companies with better cybersecurity.
‘There’s a lot of things that aren’t under your control. If you want to go to a sporting match on the weekend, you go to the website you put in your credit card details,’ he said.
‘You hope the organisation you’re dealing with is undertaking a competent risk management review and controls safeguard people’s personal information, which includes names, addresses, email addresses and credit card details.
‘One they get leaked, there’s not much you can do.’
Professor Phair warned all Ticketmaster users to ‘be actively looking at their accounts’.
‘They need to be checking bank accounts to see if their credit card details are being used and make sure there’s no unauthorised or suspicious transactions,’ he said.
When asked if online companies, like Ticketmaster, can be trusted with a customers credit card information, Professor Phair’s simple answer was: ‘No.’
‘They get hacked like this and they get exposed,’ he said.
‘There’s mechanisms around the banking and finance sector use so there isn’t the full storage of the full 16 numbers, expiry dates and CVV.
‘But, again, we don’t whether Ticketmaster was affording themselves of those security measures or whether they were just storing them in plain text.
‘It goes back to my original statement that we just haven’t heard from them. It’s terrible.’
Cyber Security Cooperative Research Centre CEO Rachael Falk also warned ns to be careful online.
‘Hacking groups like Shiny Hunters are just one of many organised crime groups undertaking these types of operations,’ she said.
‘They can shapeshift quickly to evade law enforcement takedowns. They target companies with large amounts of personal data.
‘Their currency is stealing personal data to on-sell to other cyber criminals.’
Ms Falk shared her top four tips to avoid getting hacked as ‘even the most secure systems can have vulnerabilities and these hacking groups are getting smarter every day’.
‘Change your passwords regularly and don’t use the same one more than once,’ she said.
‘Install any pending security updates or patches on your devices.
‘Always check your credit or debit card charges: watch out for unusual activity on your bank cards and report anything suspicious to your bank.
‘Don’t open any suspicious emails or text messages – always go to the official website or app to check updates or offers.’
Customers whose information was exposed are at risk of financial fraud and identity theft.
The Department of Home Affairs is aware of the hack and is working with Ticketmaster to ‘understand the incident’.
Ticketmaster is a subsidiary of Live Nation, operating in 32 countries around the world.