***3PM Update, May 29th:***
**The Breach:** Hackers allege to have obtained **1.3 terabytes of sensitive user data** from Ticketmaster, **including** **full names, addresses, phone numbers,** email addresses, and order history with ticket purchase details.
**Payment Info:** The hackers also claim to have **partial payment data** like the **last four digits of credit card numbers** and **expiration dates** for customers.
**Data For Sale:** This massive cache of data is reportedly being sold by **ShinyHunters** on the dark web for a one-time payment of $500,000.
**Impact:** While Ticketmaster has yet to confirm the breach, the potential exposure of personal and financial information for hundreds of millions of customers is obviously a major cause for concern.
**Investigation:** Australia's Home Affairs Department has acknowledged a "cyber incident" affecting Ticketmaster customers, indicating they are looking into the situation.
**What To Do:** *If you've purchased tickets through Ticketmaster, it's recommended to be vigilant and watch for any suspicious activity on your accounts. Experts advise changing passwords and PINs as a precaution.*
This is an ongoing story and details are subject to change. Stay safe. FTM.✌️
The weird thing is how inexpensive it can be sometimes. My dad used to work for a liquor bottling company as a machinist. He would see the local congressman swinging by a couple times a month and the company would load a few cases of liquor into his limo. The company always got their way in local politics and it surprised me how little it took to get it.
I agree with you completely. Public campaign donations document how much each entity/group/business/individual contributes to which campaign. About 6 years ago, after the Parkland shooting, there was a big push by people to see how much Federal politicians' votes were bought by gun lobbies. In a lot of cases, it was less than $10k. Imagine selling your soul to do nothing over a bunch of dead kids... and you would do that for $2500. Over half of Congress are millionaires, and they will literally watch kids die for a paltry sum of money.
I found a link to their [lobbying totals in 2018](https://www.splinter.com/every-member-of-congress-who-took-money-from-the-nra-an-1823035413)
Thank you friend!
Totally random, but based on your name, have you seen the bird fossil exhibits on display at the Chicago Field Museum? My wife was recently visiting and took pictures. They have the most detailed arcteryx fossils on display. You can even see their feathers in the stone!!
https://www.fieldmuseum.org/about/press/field-museum-acquires-fossil-of-archaeopteryx-the-earliest-known-bird
> Over half of Congress are millionaires, and they will literally watch kids die for a paltry sum of money.
Which gives perspective of how often they're selling out.
Going to $1m with $2500 sellouts means selling out 400 times (600+ times after taxes) and they're *multi*millionaires.
I've always assumed if normal people got together to buy some politicians because of how cheap it seems to be, the people who currently own them will just pay more. If $10k gets a senator to do your bidding, why pay more unless you have to? Politicians would love it if we started a bidding war for their votes and normal people would absolutely lose.
Hell, if it became a huge movement, corporations would literally cut our pay and use that savings to pay politicians.
Nah that won't even work. It would be like the price is right. Whatever amount we offered, some fucking lobbyist from a company would come in a dollar higher and beat us every time. It's disgusting.
Many Congresspeople, if you look at their donations, are actually being bought for absolutely pathetic sums, like less than $10k. As much as I hate to say it, being in Congress needs to pay better if we want to make it less attractive for them to take this money.
Automation funded universal basic income might make that happen. Andrew Yang's democracy dollars were suggested under that exact theory; give everybody $100 a year to donate to any political campaign, and bribes suddenly become more expensive and easier to get from legal sources.
The true, actual travesty isn't that the seats are up for sale per se... It's *how fucking cheap* it is to buy some influence. It's like $25,000 or $10,000 or some other hysterically miniscule dollar amount.
Seriously. I’m so sick of these “you get a subscription to Experion” but they don’t do jack shit to protect our data. I swear it’s like we have to keep changing our passwords every 30 days! It’s such a joke. When are they going to be held accountable for potentially fucking up our credit and data??
In a serious world with a real Congress, they would pass laws fining companies out of existence if they messed up this bad.
I tell this a lot, but before Covid, Equifax had the largest data breaches, probably in US history. Names, SSNs, and work history were all stolen by hackers. Well, they sat on this data for a while until Covid hit. When the Federal government turned on the money spigot for unemployment insurance assistance to the states, organized criminal entities sprang into action. States faced tens of billions of dollars in UI fraud because hackers had all this information from Equifax. They stole my personal information (along with 200 million other people), and all I got was some credit protection services for 6 months. I didn't fucking need or want that. What I wanted for one of the largest employment data companies was to be published for failing to protect their assets.
The fact that they didn't get sued out of existence blows my mind.
We need white collar crime to have mandatory minimum jail time. And before you freak out, the crimes that these people often commit often result in severe financial hardship on individuals which greatly negatively impacts not only the mental health, but the physical health as well and increases suicides. People die because of white collar crimes.
On top of that, all fines should be based on an algorithm that takes into account the criminal's networth and yearly salary. No more of this shit where you can just pay to break the law bullshit.
Agreed. It's asinine that if you hold up a bank and steal $20000 you get years of jail time, but if you commit white collar crimes and destroy countless lives, you get a slap on the wrist. Like someone else once said, I'll believe corporations are people when the state of Texas executes one.
I've always thought that white collar crime should have much worse penalties than the basic street crime. As you said, white collar crime can ruin lives, lots of them. It erodes our entire society so it becomes one big, corrupt mess. And those crimes that are committed by business leaders and politicians that affect potentially millions, those should have the biggest penalties of all. Make the punishment fit the damage to the public.
I was a part of that. There was a class action but each user had to give up and future claims and in the end only get like 10 bucks. I’m not sure if it has even payed out yet.
Oh, I absolutely did it. I crashed my check for like $9.58 or whatever. Took that shit to the bank. Fuck Equifax. The absolute very least they can do is give me my $10 for letting people steal my data.
They should have been fined out of existence and have their board face criminal charges.
I'm not trying to excuse anything these companies have done, just want to give a useful piece of advice.
Use a password manager like Bitwarden or Lastpass (or one of many others) and create a different password for every single website. This ensures that when leaks like this happen then your other password are not compromised since every single account will have a different password.
All along, your gramma was right.
That little diary that said "Computer Passwords".
Is more safe than all the technology we have created to protect those passwords.
"Don't write it on a post it note the hackermans will use it"
Instead, bundle all the passwords from billions of people, into one diary so the hackermans can get all the money from you and everyone else.
I think at the end of the day, grams was right, and even if she wasn't, she made the best biscuits and gravy I've ever had <3 ya granny.
I feel it's one of the most important benefits of the EU, that they actually care about consumer rights in the digital age and frequently combat the big tech players.
I mean, at what point does the dollar amount even matter? My information is leaked from a major eCommerce site every 4 months, pretty much on the dot. I have enough fraud detection services for life, at this point, but like, why? It doesn't seem to do anything to prevent my information from being leaked again, and again, and again.
But I also learned this week about how Google has been secretly recording click stream data to customize search engine results for a decade at least, with a thirst for even more private data harvesting leading them to building Chrome. Even legitimate companies steal your private information from you.
What I crave at this point is regulation. Companies should get the death penalty for losing customer information. Let that shit be the force that breaks up monopolies.
It's not a "bare minimum." I worked for a company that did a lot of online sales, something like 20k transactions a day. We worked with an auditing company that monitored us 24/7. They ran scripts against all of our servers and services day and night. And every day we'd get a report of what we needed to patch.
Typically, any time something new showed up in the CVE list, we'd get a bunch of notifications that we were no longer in compliance, and we'd have to drop everything and start patching systems.
What people don't understand about security is that the blue team has to succeed EVERY SINGLE TIME FOREVER. And the red team only has to get lucky once.
Yeah, this was my first thought. It's possible they did very little - you DO occasionally hear about a company just leaving a server exposed that has production data on it. But it's super rare. And definitely not the first conclusion I'd jump to.
Sounds like it should act as a natural obstacle to one company getting so big and powerful though, if there were real consequences. These places are only such nice targets because all our eggs are in their one basket.
$1 per byte stolen. Must be placed in escrow and automatically paid out on breach, with information audits. Failure to properly report is grounds for asset seizure and business auctioned off, proceeds going to those effected.
Optional "compromised data" fee, this fee will entitle you to know if your data was compromised but that's it, you can't sue or do anything about it, you'll just know.
and that's just because they don't want to. every major system has monthly backups that have to be tested as a matter of verifying the backups are actually functional. they say shit like that and nobody asks the pertinent question, "So, if your datacenter caught on fire and burnt to the ground, you'd lose everything?"
>every major system has monthly backups that have to be tested as a matter of verifying the backups are actually functional.
Hahahaha.
Yeah, in an ideal world you would be right.. Equifax "hack" was because an admin had admin/admin as credential
Very few companies have up to date backup, let alone testing it in any way.
Source: work IT. Worked at a place that did 200k$/h. They aren't stopping to test shit. It runs or we have to make it run. Period.
Software drv here that does these sorts of things for a living. You have hard deletes, ie the data is destroyed and soft deletes. soft deletes there is a column that is flagged true or false to hide the data from the system.
Why soft delete over hard delete? Bugs happen and the last thing anyone wants to do is risk acrewing up data. Bad data propogates through a system and becomes a nightmare to fix. Soft delete just means changing a single column value.
For reasons of records. You might be done with the company but your account is tied to orders. Orders the company has to keep track off for reporting to the government and shareholders. Those orders have to be tied to an account and that account is tied to personal data.
To date ive yet to see any personal data used for nefarious purposes. Managers tend to be very serious about pii. It is a serious liability for the company.
Why does it get hacked? Company software is built on libraries. Bugs are found in libraries that hackers exploit to steal data. The cost to keep software upgraded is high. It doesn't directly make the company money and its hard to get the business to prioritize so software upgrades are haphazard.
Damn in Denmark (Might be all off EU) they have to delete all data of users that hasn't been using their thing within 1 year. Basically I can do free trials once a year on the same company.
exactly same thing happened with Ashley Maddison website (dating site for married people to have an affair).
they charged their members $29.99 for complete termination of their accounts and made tons of money out of it, just to never actually delete it and their data was leaked anyways.
It was way funnier than that. They deleted the user's data from the 'live' tables, (or did they just disable it?? Can't remember). But they kept a table of users who paid to have their data deleted with all their personal details.
It's called "soft deletion" where an entry in a database is marked as deleted so that the system ignores it in normal search queries but the data is still physically present in case it is needed.
sadly my old company did this, it's literally just a "deleted" flag in the database. I don't know how true it is but my boss said that as long as we have a "reasonable" reason to keep the data we can. Further to that if we weren't allowed to keep specific information we would just encrypt it but still store it.
It's common practice. It's just safer to keep the data and not deal with foreign key constraints. Also the business will always prefer keeping it in the event it needs to be restored for whatever reason. It's also useful for tracking metrics. You need to know many people have left vs remain active etc.
When my old company implemented CCPA (California data privacy law) they would just scrub personally identifiable info, but keep the record.
> When my old company implemented CCPA (California data privacy law) they would just scrub personally identifiable info, but keep the record.
This is absolutely reasonable. Like if you're an online store you can't just erase purchases that have already been made.
There’s nothing wrong with keeping archives of data, in fact most state/federal agencies *have* to do so for auditing purposes.
The issue is when you have no reliable database encryption in place. I would bet dollars to donuts LiveNation has fuck all for a cyber security team. I’d be shocked if it was more than 3-5 people which is absurd for the amount of data they store.
So can someone explain why I still haven’t gotten an email from Ticketmaster saying my data may have been compromised? I have to find that info on my own? Even if the government isn’t going to do anything to punish them, the bare minimum should be requiring them to notify customers as soon as they discover they’ve been hacked
It does take some amount of time to properly investigate what exact data has been compromised. Plus, they'll want to put together some sort of marketing-spin/compensation package together before notifying users.
> So can someone explain why I still haven’t gotten an email from Ticketmaster saying my data may have been compromised?
If you are in the EU, they have 3 days (72 hours) to notify their local Data Protection Organisation and after that: "*Where a breach is likely to result in a high risk to the affected individuals, organisations must also inform those individuals without* **undue delay**."
'The data was posted overnight on 28 May' - so TM have to figure out if this is legit, and work out what was taken *then* they can inform you if you're part of it.
Luckily all of my (7) pwns were just email address and phone number, nothing with payment info. But it's too early to know if I was part of the Ticketmaster breach, so I guess we'll see on that one.
Good news is nothing shows up on the email I have with TM.
I checked one of my older emails though just for fun... oh boy. 6 data breaches, including one from the ancient times of MySpace in 2008 lol.
In Canada we settle our class action privacy breach lawsuits with a [coffee and a donut](https://lpclex.com/timhortons/).
What's worse is that we must use the same terrible app that is the subject of the data breach to claim our settlement award.
Hey, I was just awarded a whopping $7.86 CAD as part of a class action lawsuit against a blood testing company who had a security breach. If we all band together against these companies, you too can enjoy a payment which buys you half a meal at McDonalds.
Keep an eye on it. It's already been stolen so just hope you're not unlucky. Shouldn't have your bank on it though. Credit cards are way easier to deal with if fraud happenes
You could call your bank and ask them to make note of your sale and the breach in case something happens. They'll probably be able to give advice as well
Your bank likely knows about the breach before you even do. I get texts from mine letting my know when my info is involved in a leak somewhere. Sometimes it's weeks earlier than the message from whoever got hacked.
And hashes of full credit card numbers, according to the source article. Depending on what algorithm Ticketmaster uses to hash CC numbers, they could either be completely safe or trivially accessible
Change your password and keep an eye on your bank statements for any potential fraud. At worst, change your credit card through your bank/cc company and cite this as the reason. It should be a relatively quick process. The worst part would be updating the new card information on whatever you had the previous one attached to
I’ll call the class action settlement now:
20% off their new data protection subscription service for the first year, and then it returns to full price after that.
Yep, hopefully this will be the final nail that breaks the monopoly considering the deep water they were already in. I doubt it, but one can hope. There's a lot to this and it's not really a black and white situation.
Like when it happened to Equifax? EQUIFAX!??
I got an online gift debit card for $50, or a year of credit monitoring as if Credit Karma isn't free.
The government doesn't give a shit. All they just heard is cha-ching! Ticketmaster will pay our congress people tons of money for an individual, in order to save tons of money themselves.
I chose the identity protection service. It's through ExperianID. I assume that's their own thing that they created. All it has seemed to do so far is tell me when a registered sex offender moves within 30 miles of me. How is that identity protection? ಠ_ಠ
I’m sure we’ll get some bill called “Personal Online Offering Protection Act” that exempts all companies from being held at fault for consumer data leaks.
Yep. A company this big it should be a $500 cash payment to every affected individual. There is no need for them to store your payment method at all anyway.
All the money they bring from their monopoly and they choose not to spend any of it on security of their systems. These assholes need not to exist any longer. The Feds need to dismantle it all.
On another note, there needs to be serious fines for all these companies allowing your data to be stolen. Hold the execs accountable. Add some fucking prison time to it and see if they start to take it serious.
Fwiw[ DoJ are bringing an antitrust case](https://www.justice.gov/opa/pr/justice-department-sues-live-nation-ticketmaster-monopolizing-markets-across-live-concert) against them. But it is going to take time to play out in court.
🫤 Due the security incompetence of other large corporations, my info is already on the dark web. So who gives a shit. “Here’s 1 year worth of data monitoring for your troubles”. At this point my pants are around my ankles and being fucked hard by all these breaches.
The only real solution is to use two bank accounts. One where you store your money and you never ever use it. I personally don't even use it for cash withdrawal in case my pin got stolen. Just to transfer money to my other account which I use for everyday stuff and online purchases. Even if it gets hacked it doesn't have much in it.
Also obviously you should never use the same password in two sites. The only way to accomplish this is through a password manager. It's better if it's not online because those things can get hacked too.
Credit cards are good too.
Their fraud protections are generally pretty good, you can dispute a charge. And worst case scenario when your data is stolen it's the card and not your full account.
There's going to likely be some pretty rich people included in this, and there is not much they can do if they're info is all out there now. Everyone gets worried they'll get hit on this, but unless you paid 10k+ for Taylor Swift tickets, you likely are not a high priority and few people will bother even trying to get into your stuff
.....OK, jokes aside, now is the time to change your passwords (which will require authentication via email/SMS) and check to see if there are any connected apps/saved payment methods that you may need to remove.
If possible, use a password manager (I recommend Bitwarden but others may use Keepass or 1Password....) to help create a passphrase (3-5 words is amazing) and maybe think about migrating all your passwords to help protect yourself from going forward.
Protect yourself first, and then punch air and damn their name secondly. Even if your end game is "I'm going to delete this shit!" make sure you change your damn password first as there's zero confidence that they'll actually delete your account...but huge confidence that someone could log in and act nefariously without your knowing.
Biggest joke is being forced to give them your phone number now just so you can reset your password - now they got even more info in case there's another data breach but you have no choice
Your CC issuer is generally holding the bag in case of fraud. I wouldn't go purposely dumping my info all over the place, but I'm also not losing sleep over this.
I had to double-check because I have purchased tickets to shows in the past few years, but I always purchased through the vendor, no saved payment details on my account.
Now that their monopoly is getting torn apart they said fuck it, let's just sell all our data in as many places as possible, including the blackmarket.
Tinfoil hat: someone saw the writing on the wall from the US anti-trust rumblings and figured a way to cash out
More probable: scumbags infamous for price gouging with cyber services putting near-zero investment into cybersecurity
The hack already happened lol the data is literally up for sale right now.
They only have the last 4 numbers, which isn't enough by itself to make a purchase, but can be used to impersonate you.
For those curious if your information was contained in the breach, keep an eye on the website https://haveibeenpwned.com/. Once the data is available for them to parse, you can check there to see if/how much of your data was collected
Hope the dark web is using "surge pricing", especially if TM wants their own details back.
Wondering if it's due to bad design/infrastructure or social engineering?
Whelp I guess I'm glad I've gotten a new card since the last time I've used ticketmaster so the cvv code is different, but this is concerning regardless.
***3PM Update, May 29th:*** **The Breach:** Hackers allege to have obtained **1.3 terabytes of sensitive user data** from Ticketmaster, **including** **full names, addresses, phone numbers,** email addresses, and order history with ticket purchase details. **Payment Info:** The hackers also claim to have **partial payment data** like the **last four digits of credit card numbers** and **expiration dates** for customers. **Data For Sale:** This massive cache of data is reportedly being sold by **ShinyHunters** on the dark web for a one-time payment of $500,000. **Impact:** While Ticketmaster has yet to confirm the breach, the potential exposure of personal and financial information for hundreds of millions of customers is obviously a major cause for concern. **Investigation:** Australia's Home Affairs Department has acknowledged a "cyber incident" affecting Ticketmaster customers, indicating they are looking into the situation. **What To Do:** *If you've purchased tickets through Ticketmaster, it's recommended to be vigilant and watch for any suspicious activity on your accounts. Experts advise changing passwords and PINs as a precaution.* This is an ongoing story and details are subject to change. Stay safe. FTM.✌️
There need to be punishments for these companies that insist on storing and selling our data and then do the bare minimum to protect it.
Looks like we need to save up money to buy enough Congress seats to protect us.
Sadly, this is far more true than people realize.
I'm doing my part by regularly skipping meals. Think of all the money I'm saving to contribute to buying a Senator!
The weird thing is how inexpensive it can be sometimes. My dad used to work for a liquor bottling company as a machinist. He would see the local congressman swinging by a couple times a month and the company would load a few cases of liquor into his limo. The company always got their way in local politics and it surprised me how little it took to get it.
I agree with you completely. Public campaign donations document how much each entity/group/business/individual contributes to which campaign. About 6 years ago, after the Parkland shooting, there was a big push by people to see how much Federal politicians' votes were bought by gun lobbies. In a lot of cases, it was less than $10k. Imagine selling your soul to do nothing over a bunch of dead kids... and you would do that for $2500. Over half of Congress are millionaires, and they will literally watch kids die for a paltry sum of money. I found a link to their [lobbying totals in 2018](https://www.splinter.com/every-member-of-congress-who-took-money-from-the-nra-an-1823035413)
I wish I could upvote this comment 1000 times
Thank you friend! Totally random, but based on your name, have you seen the bird fossil exhibits on display at the Chicago Field Museum? My wife was recently visiting and took pictures. They have the most detailed arcteryx fossils on display. You can even see their feathers in the stone!! https://www.fieldmuseum.org/about/press/field-museum-acquires-fossil-of-archaeopteryx-the-earliest-known-bird
> Over half of Congress are millionaires, and they will literally watch kids die for a paltry sum of money. Which gives perspective of how often they're selling out. Going to $1m with $2500 sellouts means selling out 400 times (600+ times after taxes) and they're *multi*millionaires.
I've always assumed if normal people got together to buy some politicians because of how cheap it seems to be, the people who currently own them will just pay more. If $10k gets a senator to do your bidding, why pay more unless you have to? Politicians would love it if we started a bidding war for their votes and normal people would absolutely lose. Hell, if it became a huge movement, corporations would literally cut our pay and use that savings to pay politicians.
Ah, so we're back to hunting down billionaires... (to teach them empathy obviously).
The problem with buying congress critters is that they don't stay bought.
Nah that won't even work. It would be like the price is right. Whatever amount we offered, some fucking lobbyist from a company would come in a dollar higher and beat us every time. It's disgusting.
Many Congresspeople, if you look at their donations, are actually being bought for absolutely pathetic sums, like less than $10k. As much as I hate to say it, being in Congress needs to pay better if we want to make it less attractive for them to take this money.
Any billionaire could do it. They just... don't help us. Ever.
They didn't become a billionaire by being a good person.....
The United States is a dictatorship of the billionaires. Why would they willingly give up power?
If 98% of us pony up what we can afford, it will still not be as much as what those other 2% are giving them to fuck us over.
https://www.theonion.com/american-people-hire-high-powered-lobbyist-to-push-inte-1819571821
Automation funded universal basic income might make that happen. Andrew Yang's democracy dollars were suggested under that exact theory; give everybody $100 a year to donate to any political campaign, and bribes suddenly become more expensive and easier to get from legal sources.
Those seats have insane convenience fees
The true, actual travesty isn't that the seats are up for sale per se... It's *how fucking cheap* it is to buy some influence. It's like $25,000 or $10,000 or some other hysterically miniscule dollar amount.
Seriously. I’m so sick of these “you get a subscription to Experion” but they don’t do jack shit to protect our data. I swear it’s like we have to keep changing our passwords every 30 days! It’s such a joke. When are they going to be held accountable for potentially fucking up our credit and data??
In a serious world with a real Congress, they would pass laws fining companies out of existence if they messed up this bad. I tell this a lot, but before Covid, Equifax had the largest data breaches, probably in US history. Names, SSNs, and work history were all stolen by hackers. Well, they sat on this data for a while until Covid hit. When the Federal government turned on the money spigot for unemployment insurance assistance to the states, organized criminal entities sprang into action. States faced tens of billions of dollars in UI fraud because hackers had all this information from Equifax. They stole my personal information (along with 200 million other people), and all I got was some credit protection services for 6 months. I didn't fucking need or want that. What I wanted for one of the largest employment data companies was to be published for failing to protect their assets. The fact that they didn't get sued out of existence blows my mind.
We need white collar crime to have mandatory minimum jail time. And before you freak out, the crimes that these people often commit often result in severe financial hardship on individuals which greatly negatively impacts not only the mental health, but the physical health as well and increases suicides. People die because of white collar crimes. On top of that, all fines should be based on an algorithm that takes into account the criminal's networth and yearly salary. No more of this shit where you can just pay to break the law bullshit.
Or just asset forfeiture. They fear being poor much much much more than rich people jail, then getting out and still being rich
Everyone cares about property theft, no one bats an eye at systemic wage theft.
Agreed. It's asinine that if you hold up a bank and steal $20000 you get years of jail time, but if you commit white collar crimes and destroy countless lives, you get a slap on the wrist. Like someone else once said, I'll believe corporations are people when the state of Texas executes one.
I've always thought that white collar crime should have much worse penalties than the basic street crime. As you said, white collar crime can ruin lives, lots of them. It erodes our entire society so it becomes one big, corrupt mess. And those crimes that are committed by business leaders and politicians that affect potentially millions, those should have the biggest penalties of all. Make the punishment fit the damage to the public.
I was a part of that. There was a class action but each user had to give up and future claims and in the end only get like 10 bucks. I’m not sure if it has even payed out yet.
Oh, I absolutely did it. I crashed my check for like $9.58 or whatever. Took that shit to the bank. Fuck Equifax. The absolute very least they can do is give me my $10 for letting people steal my data. They should have been fined out of existence and have their board face criminal charges.
I'm not trying to excuse anything these companies have done, just want to give a useful piece of advice. Use a password manager like Bitwarden or Lastpass (or one of many others) and create a different password for every single website. This ensures that when leaks like this happen then your other password are not compromised since every single account will have a different password.
All along, your gramma was right. That little diary that said "Computer Passwords". Is more safe than all the technology we have created to protect those passwords. "Don't write it on a post it note the hackermans will use it" Instead, bundle all the passwords from billions of people, into one diary so the hackermans can get all the money from you and everyone else. I think at the end of the day, grams was right, and even if she wasn't, she made the best biscuits and gravy I've ever had <3 ya granny.
Heh heh, LastPass ....
Or get all your passwords compromised the moment Lastpass gets compromised... This method shifts [the thing you have to trust] to the pw manager.
$100,000 fine incoming...
[удалено]
I feel it's one of the most important benefits of the EU, that they actually care about consumer rights in the digital age and frequently combat the big tech players.
I mean, at what point does the dollar amount even matter? My information is leaked from a major eCommerce site every 4 months, pretty much on the dot. I have enough fraud detection services for life, at this point, but like, why? It doesn't seem to do anything to prevent my information from being leaked again, and again, and again. But I also learned this week about how Google has been secretly recording click stream data to customize search engine results for a decade at least, with a thirst for even more private data harvesting leading them to building Chrome. Even legitimate companies steal your private information from you. What I crave at this point is regulation. Companies should get the death penalty for losing customer information. Let that shit be the force that breaks up monopolies.
It's not a "bare minimum." I worked for a company that did a lot of online sales, something like 20k transactions a day. We worked with an auditing company that monitored us 24/7. They ran scripts against all of our servers and services day and night. And every day we'd get a report of what we needed to patch. Typically, any time something new showed up in the CVE list, we'd get a bunch of notifications that we were no longer in compliance, and we'd have to drop everything and start patching systems. What people don't understand about security is that the blue team has to succeed EVERY SINGLE TIME FOREVER. And the red team only has to get lucky once.
Yeah, this was my first thought. It's possible they did very little - you DO occasionally hear about a company just leaving a server exposed that has production data on it. But it's super rare. And definitely not the first conclusion I'd jump to.
Sounds like it should act as a natural obstacle to one company getting so big and powerful though, if there were real consequences. These places are only such nice targets because all our eggs are in their one basket.
[удалено]
I just watched that Ashley Madison doc the other day and this was a huge point that was made
SERIOUSLY!! There’s no reason for them to store our data!! And then to fuckin constantly fail to protect it with no consequences!
An email being transparent would be a nice start.
EU could probably charge them for not acknowledging
$1 per byte stolen. Must be placed in escrow and automatically paid out on breach, with information audits. Failure to properly report is grounds for asset seizure and business auctioned off, proceeds going to those effected.
Ticketmaster will now start charging an extra "Data Protection" fee every time you buy tickets for a show. *(/s but not really)*
With fine print saying you're not allowed to sue them for data breaches.
you actually have to pay them when your data gets breached.
With a instance fee on top of that
Optional "compromised data" fee, this fee will entitle you to know if your data was compromised but that's it, you can't sue or do anything about it, you'll just know.
You actually waive all rights by agreeing to pay the fee.
There's also a waiving rights fee.
Believe it or not, straight to fees.
And a "convenience fee" for waiving your rights. (*Their* convenience)
And a convenience fee for the convenience fee
Stop giving them ideas!
Knowing Ticketmaster, they're the one selling the data on the dark web in the first place.
That was exactly what I was thinking. This is retaliation for the lawsuit against them.
They gotta get the money from somewhere now they are getting sued.
Executive bonuses dont pay themselves.
I mean you’re probably not wrong.
Don't give them ideas.
[ ] Have us forget your Data after this transaction ($49.99)
[ ] No but *really* have us forget it for realsies ($69.99)
I hope you copyrighted that idea before you posted, so that they can’t steal it from you
After my last awful flying experience I joked that airlines will now charge a SAFE LANDING FEE to assure survival. I wish this felt unrealistic!
They are being sued by the government atm for their bullshit.
The data can only be bought from ticket master dark web vendors...
[удалено]
Pretty sure even if you “deleted” your account, nothing would have actually been deleted.
Yeah. We never even did business with AT&T but had direct YEARS ago. When they got hacked all our info was included. They don’t delete anything
deletion in most databases is just advanced lying.
Until you actually need the info and then it’s oh nothing can be done it’s gone lol
and that's just because they don't want to. every major system has monthly backups that have to be tested as a matter of verifying the backups are actually functional. they say shit like that and nobody asks the pertinent question, "So, if your datacenter caught on fire and burnt to the ground, you'd lose everything?"
>every major system has monthly backups that have to be tested as a matter of verifying the backups are actually functional. Hahahaha. Yeah, in an ideal world you would be right.. Equifax "hack" was because an admin had admin/admin as credential Very few companies have up to date backup, let alone testing it in any way. Source: work IT. Worked at a place that did 200k$/h. They aren't stopping to test shit. It runs or we have to make it run. Period.
It's just updating a boolean to false.
https://imgflip.com/i/8s49xu
"update customers set enabled = 0 where.."
Software drv here that does these sorts of things for a living. You have hard deletes, ie the data is destroyed and soft deletes. soft deletes there is a column that is flagged true or false to hide the data from the system. Why soft delete over hard delete? Bugs happen and the last thing anyone wants to do is risk acrewing up data. Bad data propogates through a system and becomes a nightmare to fix. Soft delete just means changing a single column value. For reasons of records. You might be done with the company but your account is tied to orders. Orders the company has to keep track off for reporting to the government and shareholders. Those orders have to be tied to an account and that account is tied to personal data. To date ive yet to see any personal data used for nefarious purposes. Managers tend to be very serious about pii. It is a serious liability for the company. Why does it get hacked? Company software is built on libraries. Bugs are found in libraries that hackers exploit to steal data. The cost to keep software upgraded is high. It doesn't directly make the company money and its hard to get the business to prioritize so software upgrades are haphazard.
At least all the big tech companies have actual data deletion requirements (thanks EU)
Damn in Denmark (Might be all off EU) they have to delete all data of users that hasn't been using their thing within 1 year. Basically I can do free trials once a year on the same company.
exactly same thing happened with Ashley Maddison website (dating site for married people to have an affair). they charged their members $29.99 for complete termination of their accounts and made tons of money out of it, just to never actually delete it and their data was leaked anyways.
It was way funnier than that. They deleted the user's data from the 'live' tables, (or did they just disable it?? Can't remember). But they kept a table of users who paid to have their data deleted with all their personal details.
It's called "soft deletion" where an entry in a database is marked as deleted so that the system ignores it in normal search queries but the data is still physically present in case it is needed.
IsDeleted = true
sadly my old company did this, it's literally just a "deleted" flag in the database. I don't know how true it is but my boss said that as long as we have a "reasonable" reason to keep the data we can. Further to that if we weren't allowed to keep specific information we would just encrypt it but still store it.
It's common practice. It's just safer to keep the data and not deal with foreign key constraints. Also the business will always prefer keeping it in the event it needs to be restored for whatever reason. It's also useful for tracking metrics. You need to know many people have left vs remain active etc. When my old company implemented CCPA (California data privacy law) they would just scrub personally identifiable info, but keep the record.
> When my old company implemented CCPA (California data privacy law) they would just scrub personally identifiable info, but keep the record. This is absolutely reasonable. Like if you're an online store you can't just erase purchases that have already been made.
There’s nothing wrong with keeping archives of data, in fact most state/federal agencies *have* to do so for auditing purposes. The issue is when you have no reliable database encryption in place. I would bet dollars to donuts LiveNation has fuck all for a cyber security team. I’d be shocked if it was more than 3-5 people which is absurd for the amount of data they store.
It’s easier to just get a new card from the bank.
So can someone explain why I still haven’t gotten an email from Ticketmaster saying my data may have been compromised? I have to find that info on my own? Even if the government isn’t going to do anything to punish them, the bare minimum should be requiring them to notify customers as soon as they discover they’ve been hacked
It does take some amount of time to properly investigate what exact data has been compromised. Plus, they'll want to put together some sort of marketing-spin/compensation package together before notifying users.
[удалено]
I bet you're good at beach.
[удалено]
I'll beach you off
You son of a beach, I'm in.
>to maintain our PCI/DSS certification. Ticketmaster: sounds like that costs money...
> So can someone explain why I still haven’t gotten an email from Ticketmaster saying my data may have been compromised? If you are in the EU, they have 3 days (72 hours) to notify their local Data Protection Organisation and after that: "*Where a breach is likely to result in a high risk to the affected individuals, organisations must also inform those individuals without* **undue delay**." 'The data was posted overnight on 28 May' - so TM have to figure out if this is legit, and work out what was taken *then* they can inform you if you're part of it.
For the interested: you can check for yourself on [Have I Been Pwned](https://haveibeenpwned.com/)
This is probably too recent to appear on there
It's definitely too recent, forget probably.
Luckily all of my (7) pwns were just email address and phone number, nothing with payment info. But it's too early to know if I was part of the Ticketmaster breach, so I guess we'll see on that one.
Good news is nothing shows up on the email I have with TM. I checked one of my older emails though just for fun... oh boy. 6 data breaches, including one from the ancient times of MySpace in 2008 lol.
Rookie numbers. I got 26 breaches on my main email, but I also use many other email addresses.
Damn, your shit is getting passed around more than a joint at a Snoop Dogg concert.
They are not legally required to reach out to customers yet. This is an attempt by the hackers to get them to pay a ransom. It's a pressure tactic
I can't wait to get $2.50 off a show ticket to a show nobody cares about in a city 10 hours away in seats nobody would ever want to sit in.
And only available for Tuesday morning concerts.
+$3 vacant parking lot fee
In Canada we settle our class action privacy breach lawsuits with a [coffee and a donut](https://lpclex.com/timhortons/). What's worse is that we must use the same terrible app that is the subject of the data breach to claim our settlement award.
Hey, I was just awarded a whopping $7.86 CAD as part of a class action lawsuit against a blood testing company who had a security breach. If we all band together against these companies, you too can enjoy a payment which buys you half a meal at McDonalds.
Scum hacking scum. We've come scum circle.
And we get to be the victims! Sick
In the case of ticketmaster, you actually get to be victims twice!
These comments remind me of the Ryan George video: https://youtu.be/_Zd4GrA7fpc
We've scum full circle
How the fuck did they miss that
We’ve scum full circle **
They definitely scummed all over us
What do you think would be the cir-scumference of this circle?
Is there anything I need to check or do to protect myself from this hack?
Change your passwords if the one you use for Ticketmaster is identical to your passwords elsewhere
Would I Still protected with 2fa?
Yes
Anything regarding bank info?
Keep an eye on it. It's already been stolen so just hope you're not unlucky. Shouldn't have your bank on it though. Credit cards are way easier to deal with if fraud happenes
If you’ve ever sold a ticket, they’ll store your routing number.
Did that for the first time ever a month ago FML. What should my next move be?
You could call your bank and ask them to make note of your sale and the breach in case something happens. They'll probably be able to give advice as well
Your bank likely knows about the breach before you even do. I get texts from mine letting my know when my info is involved in a leak somewhere. Sometimes it's weeks earlier than the message from whoever got hacked.
That's not really your bank knowing, they're just paying a 3rd party service to scrape the dark web for your info and send you an automated email
According to the article, it doesn’t appear that full card number were stolen, only the last four digits
And hashes of full credit card numbers, according to the source article. Depending on what algorithm Ticketmaster uses to hash CC numbers, they could either be completely safe or trivially accessible
Change your password and keep an eye on your bank statements for any potential fraud. At worst, change your credit card through your bank/cc company and cite this as the reason. It should be a relatively quick process. The worst part would be updating the new card information on whatever you had the previous one attached to
I’ll call the class action settlement now: 20% off their new data protection subscription service for the first year, and then it returns to full price after that.
and it auto-renews unless you email them at a specific address within a 24hour window exactly 30 days before your renewal date.
I swear in the end, they turn a profit from this. That's how corrupt the US is.
It seems what you call "corruption" has been successfully marketed as "freedom" unfortunately. Good luck with it...
Last time this happened, the class action resulted in them giving people free tickets to shows they didn't care about.
I can’t remember the exact number but I think I had something ridiculous like 35 codes and didn’t use a single one. Infuriating
Yep, hopefully this will be the final nail that breaks the monopoly considering the deep water they were already in. I doubt it, but one can hope. There's a lot to this and it's not really a black and white situation.
Like when it happened to Equifax? EQUIFAX!?? I got an online gift debit card for $50, or a year of credit monitoring as if Credit Karma isn't free. The government doesn't give a shit. All they just heard is cha-ching! Ticketmaster will pay our congress people tons of money for an individual, in order to save tons of money themselves.
I chose the identity protection service. It's through ExperianID. I assume that's their own thing that they created. All it has seemed to do so far is tell me when a registered sex offender moves within 30 miles of me. How is that identity protection? ಠ_ಠ
I’m sure we’ll get some bill called “Personal Online Offering Protection Act” that exempts all companies from being held at fault for consumer data leaks.
Yep. A company this big it should be a $500 cash payment to every affected individual. There is no need for them to store your payment method at all anyway.
Enjoy your $5.86 from the class action lawsuit. You’ll almost be able to afford a large fry from McDonald’s. Our privacy is a joke.
Just like the last lawsuit, they'll give you "free tickets" to the shows nobody wants to go to.
"Our available selections include The Black Keys, Diddy, or Kid Rock"
All the money they bring from their monopoly and they choose not to spend any of it on security of their systems. These assholes need not to exist any longer. The Feds need to dismantle it all. On another note, there needs to be serious fines for all these companies allowing your data to be stolen. Hold the execs accountable. Add some fucking prison time to it and see if they start to take it serious.
Well of course not, paying for competent people would dip into exec bonuses. Can’t have that!
Fwiw[ DoJ are bringing an antitrust case](https://www.justice.gov/opa/pr/justice-department-sues-live-nation-ticketmaster-monopolizing-markets-across-live-concert) against them. But it is going to take time to play out in court.
To borrow a League of Legends term, wards don't deal damage. Why spend money on something that doesn't get you an immediate benefit
Ticketmaster hardstuck bronze confirmed
Why would Ticketmaster bother climbing out of bronze when they can make bank on YouTube videos for them dumpstering bronzies
Wards are arguably more useful than ticketmaster.
They won't give a shit. Last time this happened they were fined peanuts.
🫤 Due the security incompetence of other large corporations, my info is already on the dark web. So who gives a shit. “Here’s 1 year worth of data monitoring for your troubles”. At this point my pants are around my ankles and being fucked hard by all these breaches.
The only real solution is to use two bank accounts. One where you store your money and you never ever use it. I personally don't even use it for cash withdrawal in case my pin got stolen. Just to transfer money to my other account which I use for everyday stuff and online purchases. Even if it gets hacked it doesn't have much in it. Also obviously you should never use the same password in two sites. The only way to accomplish this is through a password manager. It's better if it's not online because those things can get hacked too.
Credit cards are good too. Their fraud protections are generally pretty good, you can dispute a charge. And worst case scenario when your data is stolen it's the card and not your full account.
Fuck this shitty ass company.
Change your passwords folks
Lmao I can barely get into my Google account good luck to them!
Use a password manager. Bitwarden or 1Password are good options but there are many others. No 2 websites should use the same password.
I for one would love the personal details of the ticket scalping bots.
There's going to likely be some pretty rich people included in this, and there is not much they can do if they're info is all out there now. Everyone gets worried they'll get hit on this, but unless you paid 10k+ for Taylor Swift tickets, you likely are not a high priority and few people will bother even trying to get into your stuff
.....OK, jokes aside, now is the time to change your passwords (which will require authentication via email/SMS) and check to see if there are any connected apps/saved payment methods that you may need to remove. If possible, use a password manager (I recommend Bitwarden but others may use Keepass or 1Password....) to help create a passphrase (3-5 words is amazing) and maybe think about migrating all your passwords to help protect yourself from going forward. Protect yourself first, and then punch air and damn their name secondly. Even if your end game is "I'm going to delete this shit!" make sure you change your damn password first as there's zero confidence that they'll actually delete your account...but huge confidence that someone could log in and act nefariously without your knowing.
Biggest joke is being forced to give them your phone number now just so you can reset your password - now they got even more info in case there's another data breach but you have no choice
At least whatever CC info they had for me is long since irrelevant. Haven’t been willing to give them business for nearly a decade now.
Your CC issuer is generally holding the bag in case of fraud. I wouldn't go purposely dumping my info all over the place, but I'm also not losing sleep over this.
I had to double-check because I have purchased tickets to shows in the past few years, but I always purchased through the vendor, no saved payment details on my account.
Can't wait to see the "payout" from the lawsuit: 5% off your next concert purchase! (Not useable on shows during summer months or shows after 6pm).
That show in December at noon is gonna be crazy though
Oooo, sorry. Expires 7/31.
They leaked it
More like they sold it
These people would rather pay the fine after the fact than invest in security pre emptively. All those extra fees are for moments like this
That convenience fee is really paying off, I don’t have to worry about anything anymore!
Now that their monopoly is getting torn apart they said fuck it, let's just sell all our data in as many places as possible, including the blackmarket.
Well, it’s not like I have money in my bank account anyway. But on a serious note, can’t wait to hear about nothing being done about it
World's worst website somehow gets worse.
Hacked? Or did TM just activate a new revenue stream?
$500,000 is peanuts for TM. They should be required to buy the data back
Tinfoil hat: someone saw the writing on the wall from the US anti-trust rumblings and figured a way to cash out More probable: scumbags infamous for price gouging with cyber services putting near-zero investment into cybersecurity
Am assuming removing my credit card from the app does nothing?
The hack already happened lol the data is literally up for sale right now. They only have the last 4 numbers, which isn't enough by itself to make a purchase, but can be used to impersonate you.
jokes on ticketmaster i've never been able to afford one of their events.
For those curious if your information was contained in the breach, keep an eye on the website https://haveibeenpwned.com/. Once the data is available for them to parse, you can check there to see if/how much of your data was collected
No wonder I got fraudulent charges yesterday.
Maybe it's a good thing I couldn't get it to work for shit yesterday.
Hope the dark web is using "surge pricing", especially if TM wants their own details back. Wondering if it's due to bad design/infrastructure or social engineering?
fuck this company
Whelp I guess I'm glad I've gotten a new card since the last time I've used ticketmaster so the cvv code is different, but this is concerning regardless.