July 6, 2025, Washington D.C. Ticketmaster has confirmed that hackers accessed personal data of more than 560 million users, making it one of the largest cybersecurity breaches of the decade. The stolen data is now being offered for sale on several dark web forums, including popular breach marketplaces.
Hacker Group Claims Responsibility
A hacking group known as ShinyHunters has claimed responsibility for the attack, posting samples of the stolen data and demanding a $500,000 ransom for non-distribution. Cybersecurity researchers at vx-underground verified the data structure and confirmed its authenticity aligns with Ticketmaster’s infrastructure.
“This breach is real and significant,” said Jeremiah Grossman, CEO of Bit Discovery. “Ticketmaster’s scale means the impact could affect users in over 70 countries.”
U.S. Federal Agencies Involved
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have launched a formal investigation. The Australian government has also issued a formal breach notice, as over 30 million affected users are based in Oceania.
Ticketmaster has begun notifying impacted users and has reset credentials for a portion of its accounts. The company says no full credit card numbers or passwords were compromised.
Data for Sale on Breach Forums
Listings on known data leak marketplaces show the stolen dataset being offered in chunks, with full user profiles including order histories and loyalty program data. Some listings are bundled with data allegedly stolen from other Live Nation services.
“Threat actors may use this information for large-scale phishing or social engineering attacks,” warned cybersecurity firm Hudson Rock in a flash alert issued this morning.
Legal and Regulatory Fallout
Privacy regulators in the EU and U.K. have demanded a full incident report from Ticketmaster within 72 hours, per GDPR Article 33. If negligence is found, the company could face fines up to 4 percent of its global revenue.
Consumer rights groups are also preparing class action lawsuits in the U.S., Canada, and Australia, citing failure to prevent a known exploit in Ticketmaster’s customer data API.
