The threat actor Sp1d3rHunters is already leaking more data, as shown by darknet analyses from Kaspersky Digital Footprint Intelligence.
This time, it’s allegedly a database from Neiman Marcus, a luxury store that was also compromised in a data theft attack on Snowflake. In a previous extortion campaign against Ticketmaster, Sp1d3rHunters leaked nearly 39,000 print-at-home tickets for 150 upcoming concerts and events. Furthermore, the threat actor claims to have stolen a database containing contact information of extremely prominent individuals such as the Trump and Biden families, the Kardashians, Kanye West, and Elon Musk. Alexey Bannikov, an expert at Kaspersky Digital Footprint Intelligence, comments:
“This actor seems to be conducting a malicious campaign related to celebrities and is leaking either their tickets or their personal data. Sp1d3rHunters has been registered on a darkweb forum since May 2024. However, it’s unclear whether the offered database is genuine. Actors on the black market often offer fake databases for sale to gain attention and reputation. A connection to the hacker group known as ShinyHunters, which originally appeared in the news and darkweb discussions about the Ticketmaster database leak, is currently still unclear.”
The Ticketmaster Cyber Incident
Ticketmaster recently fell victim to a massive hacking attack in which the personal information of about 560 million customers was stolen. The stolen data included names, addresses, email addresses, and partial credit card information, which were offered for sale on the dark web. The attack was discovered on May 20, after which Ticketmaster engaged specialized firms to investigate the incident. Live Nation, Ticketmaster’s parent company, has reported the incident to the US Securities and Exchange Commission (SEC) and is working with law enforcement agencies to minimize the damage. There is speculation that the attack was facilitated through an employee of the cloud provider Snowflake, possibly through the use of malware. Ticketmaster has urged its customers to change their passwords and implement additional security measures such as two-factor authentication (2FA) to prevent further misuse.