Live Nation is investigating a data breach at its Ticketmaster subsidiary, which dominates ticketing for live events in the United States.
Live Nation, based in Beverly Hills, California, said in a regulatory filing Friday that on May 27 “a criminal threat actor’' offered to sell Ticketmaster data on the dark web.
Recommended Videos
Other media reports say a hacking group named ShinyHunters claimed responsibility for the breach in an online forum and was seeking $500,000 for the data, which reportedly includes names, addresses, phone numbers and some credit card details of millions of Ticketmaster customers.
The News4JAX I-TEAM is talking to cybersecurity experts to help you protect your information in a time where we are seeing an increase in data breaches.
There are ways to see if your personal data was compromised in Ticketmaster’s hack and published online.
The website, “haveibeenpwned.com”, can help you determine if your email address has been part of a data breach.
“And what the website does is it’ll actually check for any publicly known data breaches and check if your information’s on the dark web, if it’s being sold, if it’s being leaked somewhere,” Tyler Chancey, Scarlett Cyber Security Director, said.
Chancey describes the dark web as an internet for non-index websites. That means they can’t be googled or searched by traditional means.
Many of the sites on the dark web offer stolen data for sale. “Have I been pwned” will tell you how many times your email has been connected to a data breach.
“Well, generally the first thing you can do is you can sign up for the website’s data breach alerts. And if your email is found in a data breach, you can immediately go reset any account that uses that same email and password. Go change those passwords in those emails, you need to be using something like a password manager,” Chancey said.
He says a password manager can also be hacked but he adds they have more protections in place against them.
Another effective deterrent is multi-factor authentication.
“Multi-factor authentication, where you use an authenticator app, or you put in your phone number and get a text to validate who you are counteracts this in a way, right? They steal your password, they go to log into your bank, your bank sends you a message saying, ‘hey, is this you logging into your app?’ You’re going to see that and know something is going on, and they’re not going to get into that account. So, multifactor truly is the main way to at least mitigate some of the damage from this,” Chancey said.
Chancey suggests to frequently change your password, but also don’t forget to sign up for alerts through your password manager, that will inform you just as soon as your email address or any other identifying information is published on the dark web.