Ticketmaster shot down claims made on the dark web that hackers have access to working ticket barcodes for several upcoming Taylor Swift concerts and other events.

On Friday, a hacker allegedly offered for sale event barcodes for Taylor Swift’s Eras Tour concert dates in New Orleans, Miami and Indianapolis.

The barcodes are typically scanned at the entrance for events. In total, the hacker offered about 170,000 barcodes for sale, with about 20,000 for sale at each show.

The hacker also threatened Ticketmaster with more leaks if they are not paid $2 million — claiming to have 30 million more barcodes for NFL games, Sting concerts and more.

A spokesperson for Ticketmaster debunked the claims made in the post in comments to Recorded Future News.

“Ticketmaster’s SafeTix technology protects tickets by automatically refreshing a new and unique barcode every few seconds so it cannot be stolen or copied,” the spokesperson said.

“This is just one of many fraud protections we implement to keep tickets safe and secure.”

The spokesperson also shot down allegations made in media reports that they engaged the hacker in ransom negotiations, saying that they never engaged with the hacker and never offered the person money.

Ticketmaster’s parent company Live Nation confirmed last month that the company’s account on data storage platform Snowflake had been breached.

Hackers on the dark web claimed to have a 1.3 terabyte database of information on about 560 million Ticketmaster users that included names, addresses, emails and phone numbers as well as event details and information on specific orders.

The theft was part of a larger campaign of thefts targeting about 165 customers of Snowflake. Some of the data stolen from those companies was offered for sale by the same hacker behind this most recent post about event barcodes.

  • notabot@lemm.ee
    link
    fedilink
    arrow-up
    1
    ·
    4 months ago

    I’ve not been to one of these things, but I’m assuming you have to use your phone tobshow the barcode if it’s changing ‘every few seconds’. From the description it sounds more akin to something like TOTP, where each person’s code is derived from a secret key and the current time. The barcodes aren’t random, but mathematically derived and only the current one works. If that is the case the hackers need the secret keys, not the barcodes, and they need to build an app to display the right one at the right time.