In an ongoing extortion scheme targeting Ticketmaster, nearly 39,000 print-at-home tickets for 150 upcoming concerts and events featuring artists like Pearl Jam, Phish, Tate McCrae, and Foo Fighters have been leaked by threat actors. The person responsible, known as 'Sp1derHunters,' is the same individual who sold data stolen from recent data breaches targeting Snowflake, a third-party cloud database provider.

The chain of events began in April when threat actors initiated the download of Snowflake databases from over 165 organisations using stolen credentials acquired through information-stealing malware. Subsequently, in May, a prominent threat actor named ShinyHunters started to sell the data of 560 million Ticketmaster customers, allegedly extracted from Ticketmaster's Snowflake account. Ticketmaster later verified that their data had indeed been compromised through their Snowflake account.

Initially, the threat actors demanded a ransom of$500,000 from Ticketmaster to prevent the dissemination or sale of the data to other malicious actors. However, a recent development saw the same threat actors leaking 166,000 Taylor Swift ticket barcodes and increasing their demand to$2 million.
In response to the situation, Ticketmaster asserted that the leaked data was ineffective due to their anti-fraud measures with a system that continuously generates unique mobile barcodes. According to Ticketmaster, their SafeTix technology safeguards tickets by automatically refreshing barcodes every few seconds, making them impervious to theft or replication.

Contrary to Ticketmaster's claims, Sp1d3rHunters refuted the assertion, stating that numerous print-at-home tickets with unalterable barcodes had been stolen. The threat actor emphasised that Ticketmaster's ticket database has online and physical ticket types, such as Ticketfast, e-ticket, and mail, which are printed and cannot be automatically refreshed. Instead, they suggested that Ticketmaster must invalidate and reissue the tickets to affected customers.

The threat actors shared a link to a CSV file containing the barcode data for 38,745 TicketFast tickets, revealing ticket information for various events and concerts, including those featuring Aerosmith, Alanis Morissette, Billy Joel & Sting, Bruce Springsteen, Carrie Underwood, Cirque du Soleil, Dave Matthews Band, Foo Fighters, Metallica, Pearl Jam, Phish, P!NK, Red Hot Chili Peppers, Stevie Nicks, STING, Tate McRae, and$uicideboy$.