Entertainment giant Live Nation has confirmed that its ticket sales subsidiary Ticketmaster was hacked.
Live Nation acknowledged the data breach in a filing with government regulators late on Friday, after the market closed.
Live Nation said in a statement that the breach occurred on May 20, when cybercriminals “sold what they said were Live Nation user data via the dark web.” The company did not say who owned the personal information, but it is believed to belong to its customers. It is unclear why it took the company more than a week to disclose the breach.
Live Nation said in a statement that it had “identified unauthorized activity within a third-party cloud database environment containing Live Nation data.”
The company did not name the third-party cloud database in its statement.
A Ticketmaster spokesperson, who declined to be named but responded via the company's media email address, told TechCrunch that the stolen database was hosted on Snowflake, a Boston-based cloud storage and analytics company.
The Ticketmaster spokesperson declined to say how the data was leaked from Snowflake's systems.
Snowflake said in a post on Friday that it had notified a “limited number of customers who are believed to be impacted” by an attack “targeting some of our customer accounts.” Snowflake did not describe the nature of the attack or whether any data was stolen from customer accounts.
Snowflake spokeswoman Danica Stanczak declined to comment publicly on the Ticketmaster breach.
Amazon Web Services also hosts much of the infrastructure for Live Nation and Ticketmaster, according to a customer case study that has since been removed from Amazon's website.
Earlier this week, administrators of the popular, since-revived cybercrime forum “BreachForums” claimed to be selling the personal information of 560 million customers, including purported personal information of Ticketmaster customers, ticket sales and customer card information.
Live Nation has not previously commented on the data breach. Earlier this week, Australian authorities confirmed they were assisting Live Nation with the cybersecurity incident, and the US cybersecurity agency CISA deferred comment to Live Nation.
TechCrunch on Friday obtained some of the allegedly stolen data, including thousands of records containing email addresses. These included several internal Ticketmaster email addresses used for testing, which have not been made public but appear to be actual Ticketmaster accounts. TechCrunch confirmed on Friday that the records we reviewed belong to Ticketmaster customers.
TechCrunch checked the validity of these accounts by entering the internal email addresses into Ticketmaster's sign-up form, which indicated that all of the accounts were genuine. (Ticketmaster displays an error if you enter an email address that already belongs to a genuine Ticketmaster account.)
In early May, the Justice Department and 30 attorneys general filed a lawsuit accusing Live Nation of monopolistic practices and seeking to break up the ticket-selling conglomerate.
Updated to reflect Ticketmaster's response and Snowflake's decision not to comment.