Cyberattacks hit two major companies, exposing millions of users’ data

Cyberattacks hit two major companies, exposing millions of users’ data
<span class="bsf-rt-reading-time"><span class="bsf-rt-display-label" prefix="Reading Time"></span> <span class="bsf-rt-display-time" reading_time="2"></span> <span class="bsf-rt-display-postfix" postfix="mins"></span></span><!-- .bsf-rt-reading-time -->

Live Nation Entertainment disclosed in a recent SEC filing that it had suffered a data breach that may have compromised the personal information of some of its users. The company said it discovered unauthorized activity in a third-party cloud database containing data from its Ticketmaster subsidiary on May 20, 2024, and launched an investigation with forensic experts.  

On May 27, 2024, a user claiming to have Live Nation user data posted on the dark web stating “Price is $500k USD. One time sale.” The user, on behalf of hacker group ShinyHunters, claimed that the database contained over 1.3 terabytes of data, consisting of 560 million customers' full details (name, address, email, phone), order details, credit card details (customer name, last four digits, expiration date).  

Live Nation said that as of the date of the filing, the incident had not had, and it did not believe it was reasonably likely to have, a material impact on its overall business operations or on its financial condition or results of operations. It said it was continuing to assess the risks and its remediation efforts were ongoing. 

On May 31, TechCrunch published a story on the hack, confirming that the data posted on the dark web was authentic and belonged to Live Nation users. The tech news site also reported that the same hacker group had been linked to another major breach that affected Santander, one of the largest banks in Europe. According to TechCrunch, the hackers had stolen and leaked data from Santander's internal systems, including: 

  • 30 million people’s bank account details,  
  • 6 million account balances, 
  • 28 million credit card numbers, along with the customer name, expiration date, and security code; 
  • HR information for staff

This breach is a serious reminder of the importance of changing your password if you think your account information might be part of a breach. Hackers can use the stolen data to access your other online accounts, commit identity theft, or make fraudulent purchases.  

To protect yourself, you should change your password for any account that uses the same or similar credentials as the ones compromised in the breach. You should also monitor your bank statements and credit reports for any suspicious activity, and report any unauthorized transactions to your financial institution.  

If possible, you should also enable two-factor authentication on your accounts, which adds an extra layer of security by requiring a code or a device confirmation to log in. By taking these steps, you can reduce the risk of becoming a victim of cybercrime and safeguard your personal and financial information.