Clicking on trouble: How to protect yourself after Ticketmaster data breach
- Replies 2
In an era where digital security breaches are becoming increasingly common, concerns over personal data protection have reached new heights.
Recent reports of a data breach involving a prominent ticketing platform have once again highlighted the vulnerabilities inherent in online transactions.
As individuals grapple with the potential fallout of compromised information, it is becoming increasingly imperative to understand the steps necessary to safeguard personal data and mitigate the risks posed by cyber threats.
Ticketmaster, a leading ticket sales and distribution company, has become the latest victim of a significant cyber attack, leaving many Australians concerned about the safety of their personal information.
The breach, which was revealed to have potentially compromised the data of over 500,000 users, is a stark reminder of the vulnerability of our online presence.
The notorious hacker group ShinyHunters claimed responsibility for the theft of 1.3 terabytes of data, which included sensitive information such as names, addresses, partial credit card numbers, phone numbers, and payment details.
The group threatened to sell the data for a hefty sum of $US500,000 ($AU750,000), putting half a million people at risk of identity theft and fraud.
Stan Gallow, a BDO Forensic Services Partner and former police detective specialising in tech and cyber fraud estimated that around 2 million Australians could be affected.
‘If you are a subscriber to Ticketmaster, then you need to assume you have been breached and should start taking the appropriate precautions,’ Mr Gallow advised.
According to a spokesperson, the Department of Home Affairs acknowledged the breach and is ‘working with Ticketmaster to understand the incident’, before referring further inquiries to Ticketmaster.
However, as we await a response from the company, it's crucial for individuals to take proactive steps to protect themselves.
The reason for the data breach will remain unknown until Ticketmaster gives an official statement on the issue.
‘ShinyHunters have historically gone by creating phishing pages of websites to essentially make it look like a Ticketmaster employee login page and then stealing credentials through there,’ Associate Professor of Cyber Security Studies at Macquarie University Jeffrey Foster explained.
‘But this doesn't mean they did it that way this time.’
He suggested that should Ticketmaster opt against paying the ransom, the data could be sold on the dark net and used for illicit purposes.
In such a scenario, cybercriminals could exploit the information for identity theft and unauthorised credit applications, as well as potentially manipulate personal details to instigate phishing scams, thereby compromising victims' trust.
To determine if you have been affected by the data breach, Cybertrace CEO Dan Halpin advised checking for updates from the company by watching out for email notifications from them or on social media.
‘Ticketmaster may notify affected users directly, so keep an eye on any communications from them,’ Mr Halpin recommended.
He also suggested reviewing your spam or junk folder. Additionally, if you possess any dormant email addresses that were seldom used, it's crucial to inspect those, too, as there is a possibility that they were used for service sign-ups in the past.
According to Mr Foster, people can also look for unusual banking activity.
‘If you start seeing unusual bank activity, contact your bank immediately and cancel your cards,’ he warned.
‘Go through and figure out what credit cards you use, in this case with Ticketmaster, and have that number cancelled and replaced.’
Mr Halpin also advised being alert for unexpected invoices or notifications regarding services you did not authorise.
Another piece of advice that Mr Foster and Mr Halpin offered was to verify whether your phone number or email addresses have been implicated in any security breaches.
Both recommended going to the HaveIBeenPwned website.
Here, you can confirm whether your mobile number and email address have been included in documented data breaches.
This tool provides immediate notification if your information has been compromised in recognised inadvertent breaches or public postings.
However, access to sensitive breach information requires a subscription.
The platform is managed by Australian cybersecurity expert Troy Hunt, who oversees a repository of identified leaked data.
‘All the stuff you leave online might one day be out there in the public domain,’ Mr Hunt reminded.
‘And in terms of the Ticketmaster hack, the gut feeling at the moment is that we need to take it seriously, but we do need to hear from them first.’
Next, you should obtain a copy of your credit report.
Credit reports offer a means to verify if someone has attempted to apply for credit using your identity, such as acquiring a car loan.
According to ID Care, a non-profit organisation positioned as Australia's primary identity and cyber support service, individuals are entitled to receive one complimentary credit report every three months from the official Australian credit reporting agencies.
Equifax, for instance, provides a free report once every three months, while illion offers free credit reports without any charges, requiring only the creation of a free account.
Similarly, Experian grants a free report once every three months. ID Care advises individuals to obtain reports from all three agencies to ensure comprehensive coverage.
However, in the event of personal theft, ID Care suggested waiting a week before requesting the credit report.
Be vigilant if you experience sudden loss of mobile phone signal. Be wary of SIM swapping—a scam where fraudsters deceive mobile phone service providers into granting them access to a phone number they do not legitimately own.
‘If someone has stolen your phone number they can get access to all your multi-factor authentication,’ Mr Foster cautioned.
‘So make sure to immediately call your phone company, lock down all your accounts and change your passwords.’
Here's what you can do if you suspect you've been affected by the Ticketmaster data breach or any other similar cyber attack:
Lock down your credit report
‘Placing a ban on your credit report can help prevent new accounts from being opened in your name,’ Mr Halpin suggested.
This means credit reporting agencies cannot share your information with credit providers unless legally required.
However, note that imposing a short-term freeze can complicate your own credit applications during this period.
You can visit any of the three websites as mentioned earlier to initiate a credit ban.
Change your passwords
If you've been using the same password for everything, it's time to change that.
One of the easiest ways to protect yourself from hackers is to use strong, unique passwords for each account and avoid reusing the same password repeatedly.
A password manager can help manage your accounts and prevent you from keeping digital records of passwords in emails or computer files.
Use multi-factor authentication where you can
The Australian Cyber Security Centre explains multi-factor authentication as using two or more different methods to verify your identity after entering your password.
For instance, this could involve receiving a code via text message or entering a code generated by a dedicated authenticator app.
‘Think of adding [multi-factor authentication] to your account like adding a house alarm that requires a PIN to deactivate,’ its website explained.
‘It provides you with an extra layer of protection from cybercriminals trying to break in.’
‘Even if they break through one layer (for example, by guessing your password), they still need to break a second barrier to access your account,’ the centre added.
If your data has been breached, Mr Halpin advised contacting several key organisations.
The Australian Cyber Security Centre (ACSC) provides guidance and support, while ID Care offers advice on replacing identity documents.
Contact your bank or financial institution to safeguard your accounts, and reach out to credit reporting agencies to monitor and protect your credit report.
It's also important to file a report with local law enforcement to document the incident, which is necessary for replacing your driver’s licence or other state-issued identity documents.
Lastly, contact Ticketmaster if your data has been compromised through them.
The recent Ticketmaster data breach highlights the vulnerabilities many consumers face. Therefore, it is essential to take proactive steps to protect your personal information from cyber threats.
While breaches can occur unexpectedly, there are strategies to safeguard your data effectively.
Understanding the impact of a data breach is the first step in ensuring your online security remains uncompromised.
Here are some measures to shield yourself from relentless hackers and enhance your cyber protection.
Have you or someone you know been affected by the recent Ticketmaster data breach? What are your tips to avoid falling victim to schemes like this? Share your experiences and suggestions with us in the comments below.
Recent reports of a data breach involving a prominent ticketing platform have once again highlighted the vulnerabilities inherent in online transactions.
As individuals grapple with the potential fallout of compromised information, it is becoming increasingly imperative to understand the steps necessary to safeguard personal data and mitigate the risks posed by cyber threats.
Ticketmaster, a leading ticket sales and distribution company, has become the latest victim of a significant cyber attack, leaving many Australians concerned about the safety of their personal information.
The breach, which was revealed to have potentially compromised the data of over 500,000 users, is a stark reminder of the vulnerability of our online presence.
The notorious hacker group ShinyHunters claimed responsibility for the theft of 1.3 terabytes of data, which included sensitive information such as names, addresses, partial credit card numbers, phone numbers, and payment details.
The group threatened to sell the data for a hefty sum of $US500,000 ($AU750,000), putting half a million people at risk of identity theft and fraud.
Ticketmaster was reportedly breached by the hacker group ShinyHunters, potentially exposing the personal information of around 2 million Australians. Credits: Shutterstock
Stan Gallow, a BDO Forensic Services Partner and former police detective specialising in tech and cyber fraud estimated that around 2 million Australians could be affected.
‘If you are a subscriber to Ticketmaster, then you need to assume you have been breached and should start taking the appropriate precautions,’ Mr Gallow advised.
According to a spokesperson, the Department of Home Affairs acknowledged the breach and is ‘working with Ticketmaster to understand the incident’, before referring further inquiries to Ticketmaster.
However, as we await a response from the company, it's crucial for individuals to take proactive steps to protect themselves.
The reason for the data breach will remain unknown until Ticketmaster gives an official statement on the issue.
‘ShinyHunters have historically gone by creating phishing pages of websites to essentially make it look like a Ticketmaster employee login page and then stealing credentials through there,’ Associate Professor of Cyber Security Studies at Macquarie University Jeffrey Foster explained.
‘But this doesn't mean they did it that way this time.’
He suggested that should Ticketmaster opt against paying the ransom, the data could be sold on the dark net and used for illicit purposes.
In such a scenario, cybercriminals could exploit the information for identity theft and unauthorised credit applications, as well as potentially manipulate personal details to instigate phishing scams, thereby compromising victims' trust.
To determine if you have been affected by the data breach, Cybertrace CEO Dan Halpin advised checking for updates from the company by watching out for email notifications from them or on social media.
‘Ticketmaster may notify affected users directly, so keep an eye on any communications from them,’ Mr Halpin recommended.
He also suggested reviewing your spam or junk folder. Additionally, if you possess any dormant email addresses that were seldom used, it's crucial to inspect those, too, as there is a possibility that they were used for service sign-ups in the past.
According to Mr Foster, people can also look for unusual banking activity.
‘If you start seeing unusual bank activity, contact your bank immediately and cancel your cards,’ he warned.
‘Go through and figure out what credit cards you use, in this case with Ticketmaster, and have that number cancelled and replaced.’
Mr Halpin also advised being alert for unexpected invoices or notifications regarding services you did not authorise.
Another piece of advice that Mr Foster and Mr Halpin offered was to verify whether your phone number or email addresses have been implicated in any security breaches.
Both recommended going to the HaveIBeenPwned website.
Here, you can confirm whether your mobile number and email address have been included in documented data breaches.
This tool provides immediate notification if your information has been compromised in recognised inadvertent breaches or public postings.
However, access to sensitive breach information requires a subscription.
The platform is managed by Australian cybersecurity expert Troy Hunt, who oversees a repository of identified leaked data.
‘All the stuff you leave online might one day be out there in the public domain,’ Mr Hunt reminded.
‘And in terms of the Ticketmaster hack, the gut feeling at the moment is that we need to take it seriously, but we do need to hear from them first.’
Next, you should obtain a copy of your credit report.
Credit reports offer a means to verify if someone has attempted to apply for credit using your identity, such as acquiring a car loan.
According to ID Care, a non-profit organisation positioned as Australia's primary identity and cyber support service, individuals are entitled to receive one complimentary credit report every three months from the official Australian credit reporting agencies.
Equifax, for instance, provides a free report once every three months, while illion offers free credit reports without any charges, requiring only the creation of a free account.
Similarly, Experian grants a free report once every three months. ID Care advises individuals to obtain reports from all three agencies to ensure comprehensive coverage.
However, in the event of personal theft, ID Care suggested waiting a week before requesting the credit report.
Be vigilant if you experience sudden loss of mobile phone signal. Be wary of SIM swapping—a scam where fraudsters deceive mobile phone service providers into granting them access to a phone number they do not legitimately own.
‘If someone has stolen your phone number they can get access to all your multi-factor authentication,’ Mr Foster cautioned.
‘So make sure to immediately call your phone company, lock down all your accounts and change your passwords.’
Here's what you can do if you suspect you've been affected by the Ticketmaster data breach or any other similar cyber attack:
Lock down your credit report
‘Placing a ban on your credit report can help prevent new accounts from being opened in your name,’ Mr Halpin suggested.
This means credit reporting agencies cannot share your information with credit providers unless legally required.
However, note that imposing a short-term freeze can complicate your own credit applications during this period.
You can visit any of the three websites as mentioned earlier to initiate a credit ban.
Change your passwords
If you've been using the same password for everything, it's time to change that.
One of the easiest ways to protect yourself from hackers is to use strong, unique passwords for each account and avoid reusing the same password repeatedly.
A password manager can help manage your accounts and prevent you from keeping digital records of passwords in emails or computer files.
Use multi-factor authentication where you can
The Australian Cyber Security Centre explains multi-factor authentication as using two or more different methods to verify your identity after entering your password.
For instance, this could involve receiving a code via text message or entering a code generated by a dedicated authenticator app.
‘Think of adding [multi-factor authentication] to your account like adding a house alarm that requires a PIN to deactivate,’ its website explained.
‘It provides you with an extra layer of protection from cybercriminals trying to break in.’
‘Even if they break through one layer (for example, by guessing your password), they still need to break a second barrier to access your account,’ the centre added.
If your data has been breached, Mr Halpin advised contacting several key organisations.
The Australian Cyber Security Centre (ACSC) provides guidance and support, while ID Care offers advice on replacing identity documents.
Contact your bank or financial institution to safeguard your accounts, and reach out to credit reporting agencies to monitor and protect your credit report.
It's also important to file a report with local law enforcement to document the incident, which is necessary for replacing your driver’s licence or other state-issued identity documents.
Lastly, contact Ticketmaster if your data has been compromised through them.
The recent Ticketmaster data breach highlights the vulnerabilities many consumers face. Therefore, it is essential to take proactive steps to protect your personal information from cyber threats.
While breaches can occur unexpectedly, there are strategies to safeguard your data effectively.
Understanding the impact of a data breach is the first step in ensuring your online security remains uncompromised.
Here are some measures to shield yourself from relentless hackers and enhance your cyber protection.
.png){kind=icon}
