Cybersecurity experts have shared advice on what Ticketmaster customers can do after a massive data breach and how to avoid being hacked online.
Dark web group Shiny Hunters claims to have stolen the personal information of 560 million people, including Australians and New Zealanders.
Ticketmaster and its parent company Live Nation have been ordered to pay a $750,000 ransom on the dark web or risk having their information leaked.
Nigel Phair, a professor at Monash University’s Department of Software Systems and Cybersecurity, criticized lawmakers for failing to keep up with cybersecurity laws.
‘Major data breaches are becoming all too common. “It is clear that the current legislative approach is not working, as organizations are still not putting enough effort into cyber risk management,” he stated.
“There are over five million Ticketmaster account holders in Australia and New Zealand, and they will be concerned about any loss of personal information including names, addresses, passwords, credit card numbers etc. and where it may end up on the dark web” .
Ticketmaster and its parent company Live Nation were attacked by the dark web group Shiny Hunters.
Monash University Professor Nigel Phair (pictured) in the Department of Software Systems and Cybersecurity warned there is “not much you can do” if your information is leaked online.
Professor Phair also criticized Ticketmaster for its lack of accountability since the attack.
“Part of the problem is that nothing has come out of Ticketmaster yet, which is quite worrying because they have been silent and that doesn’t help anyone,” he told Daily Mail Australia.
‘Customers need to know if they have been caught up in this or not. They are supposed to be based on what the criminal group has said.
“We need a definitive response from the company and it is a failure of them to not actively engage with their customer base to explain what happened, how it happened and what they are doing to remedy the issue.”
Ticketmaster has not issued a statement about the hack and did not respond to Daily Mail Australia’s request for comment.
While the Ticketmaster hack has renewed concerns about cybersecurity, Professor Phair urged people to be very skeptical of all the messages they receive as a first step in staying safe online.
‘We have so many violations. “People need to be very alert at all times in the online environment,” he stated.
Regarding concerns specific to Ticketmaster, Professor Phair warned customers to think about what information has been shared with the website and how scammers could use it.
“Be on the lookout for phishing emails, text messages and phone calls,” he said.
‘They need to think about how they logged in. If your credentials have been exposed, they will be your username and password.
“Unfortunately, many of us reuse the same password across several different logins, so people should think about changing them if they are used across multiple platforms.”
However, once data has been leaked, it can be difficult to repair the damage.
Professor Phair blamed Ticketmaster’s “monopoly” on the ticket market for not inciting competition, which would likely include companies with better cybersecurity.
‘There are many things that are not under your control. “If you want to go to a sports game on the weekend, you go to the website and enter your credit card details,” he said.
‘You hope that the organization you are dealing with is carrying out a competent risk management review and that controls protect people’s personal information, including names, addresses, email addresses and credit card details .
“Once they leak, there’s not much you can do.”
Professor Phair warned all Ticketmaster users to “actively review their accounts”.
“They need to check bank accounts to see if their credit card details are being used and make sure there are no unauthorized or suspicious transactions,” he said.
Professor Phair urged people to be very skeptical of all messages they receive as their contact details may have been leaked.
When asked whether online companies, such as Ticketmaster, can be trusted with customers’ credit card information, Professor Phair’s simple answer was: “No.”
“They get hacked this way and they get exposed,” he said.
‘There are mechanisms related to the use of the banking and financial sector, so there is no complete storage of the full 16 numbers, expiration dates and CVV.
‘But again, we don’t know if Ticketmaster was indulging in those security measures or if they were just storing them in plain text.
‘It goes back to my original statement that we simply haven’t heard from them. It’s awful.’
Rachael Falk, chief executive of the Cyber Security Cooperative Research Centre, also warned Australians to be careful online.
“Hacker groups like Shiny Hunters are just one of many organized crime groups that carry out these types of operations,” he said.
“They can change shape quickly to evade police arrests. They target companies with large amounts of personal data.
“Their currency is to steal personal data to sell to other cybercriminals.”
Ms. Falk shared her top four tips for avoiding being hacked, as “even the most secure systems can have vulnerabilities and these hacking groups are getting smarter every day.”
Professor Phair blamed Ticketmaster’s “monopoly” on the ticket market for not inciting competition, which would likely include companies with better cybersecurity.
“Change your passwords regularly and don’t use the same one more than once,” he said.
‘Install any pending security updates or patches on your devices.
‘Always check your credit or debit card charges – keep an eye out for unusual activity on your bank cards and report anything suspicious to your bank.
“Do not open any suspicious emails or text messages; always go to the official website or app to check for updates or offers.”
Customers whose information was exposed are at risk of financial fraud and identity theft.
The Department of the Interior is aware of the hack and is working with Ticketmaster to “understand the incident.”
Ticketmaster is a subsidiary of Live Nation and operates in 32 countries around the world.