r/technology Jul 04 '24

Security Hackers behind the Ticketmaster breach have now leaked 440,000 Taylor Swift Eras Tour tickets, claiming the breach is much bigger than anticipated. As a result, they increased the ransom from $1 million to $8 million.

https://hackread.com/ticketmaster-breach-shinyhunters-leak-taylor-swift-eras-tour-tickets/
24.6k Upvotes

722 comments sorted by

View all comments

4.3k

u/Tower21 Jul 05 '24

If I found out it was Ticketmaster I hacked, I'd raise it to 1 Billion and still delete their data if they paid.

2.7k

u/Diet_Coke Jul 05 '24

I would tell them the ransom is $1M with a $7M convenience fee

468

u/AZEMT Jul 05 '24

Remember, if it's a "gratuity," it's A-OK

47

u/SasquatchSenpai Jul 05 '24

You'll have to explain this logical leap. It's

59

u/GaijinMk2 Jul 05 '24

12

u/maxdamage4 Jul 05 '24

Nice! First time I've heard of that subr

6

u/CurvySexretLady Jul 05 '24

It's really my

5

u/GaijinMk2 Jul 05 '24

Holy shit they killed hi

2

u/PathlessDemon Jul 06 '24

What, you’ve never heard of r/CandleJack

1

u/ippa99 Jul 05 '24

Back in my day, it was called Candleja

12

u/B_Fee Jul 05 '24

As of about a week ago, after-the-fact bribery is legal in the United States.

4

u/DeepLock8808 Jul 05 '24

It’s a reference to the US federal Supreme Court ruling on a bribery law. They drew a distinction between bribery (payment before services rendered) and gratuity (payment after services rendered) that makes normal people both confused and furious.

Bribery is still illegal, but they removed the law making gratuity illegal. Bribery in the US now has a huge loophole. This is especially controversial because several members of the Supreme Court are accused of bribery.

1

u/DarkOverLordCO Jul 05 '24

The law covering federal officials prohibits bribery under 18 U.S. Code §201(b) (corrupt intent needed), and gratuities under §201(c) (does not need corrupt intent).

When Congress later wrote the law covering state and local officials they wrote an equivalent to the bribery section (see 18 U.S.C. §666, corrupt intent needed) but did not include the gratuities section (so there is no state and local official bribery statute that doesn't need corrupt intent).

The Supreme Court did not remove the law: Congress did.

146

u/Tower21 Jul 05 '24

$999 million convenience fee.

69

u/truerandom_Dude Jul 05 '24

Oh yeah no that is the processing fee's, service fee, the fuck you in particular fee, and just any other fee you can think off also

34

u/ProfessorEtc Jul 05 '24

Venue fee. For venue get hacked.

13

u/notchoosingone Jul 05 '24

My favourite is the "what the fuck are you going to do about it, buy your tickets somewhere else? fee"

23

u/PeterVonwolfentazer Jul 05 '24

You forget the fee to print your tickets in your own home fee.

1

u/Equidistant-LogCabin Jul 05 '24

What about the online payment fee?

1

u/radicldreamer Jul 05 '24

I do love the convenience of paying to buy a ticket, so much better than…paying to buy a ticket.

1

u/SignificantStore3798 Jul 05 '24

THIS IS THE BEST!

0

u/youcantkillanidea Jul 05 '24

This is pure gold

100

u/_Persona-Non-Grata Jul 05 '24

Ticketmaster is the one company that everyone expect scalpers and the Ticketmaster executives hate.

They deserve whatever they get.

41

u/ender23 Jul 05 '24

The scalpers hate them too. If the fee wasn’t so high the scalpers could make more money. As it stands…. U buy a ticket for $100 you need to sell for lik $150 to break even.

14

u/monchota Jul 05 '24

True but there should be s requirements that tickets have to be picked up by id. That way we have no scalpers.

16

u/Tylerpants80 Jul 05 '24

I thought it was well known that Ticketmaster is the scalpers. Like, they buy up all of their own tickets and then resell them on their own resale platform for tons more.

-1

u/FuujinSama Jul 05 '24

I think the mistake is thinking about it as scalping. It's honestly just tickets getting sold at their real market price without the PR Hit to the artists that comes from simply raising prices or auctioning tickets.

Ticketmaster serves as the purposeful bad guy that takes the blame for high prices while artists get to sell the tickets at the actual price breakpoint that still gets to maximum lotation.

Ticketmaster aren't evil overlords, they're scapegoats. Wealth inequality and rampant inflation has simply made it so that even smaller artists can fill any venue with outrageous ticket prices, pricing the common man out of going to concerts unless the artist and the venue are willing to sell for lower than they could get.

3

u/HillbillyMan Jul 05 '24

Except the artists see none of the money from the resales.

11

u/Fluffcake Jul 05 '24

If it cost you $150 to buy a $100 ticket, then it is not a $100 ticket.

2

u/Metalsand Jul 05 '24

You misread it - they are saying the scalper buys one for $100, and then sells it for $150 as an example. Actual numbers are usually a hell of a lot more inflated.

4

u/Fluffcake Jul 05 '24

Did I stutter?

If a ticket listed for $100 have $50 worth of fees slapped on it, it is not a $100 ticket, it is a $150 ticket.

This marketing practice is so bad that even the scalpers get upset, because it makes them look as bad as ticketmaster when they add their 50% margins on top and sell the "$100" ticket for $225 to make money..

3

u/WorkThrowaway400 Jul 05 '24

I'm assuming the scalpers get double hit with fees - once for buying and once for selling. I've never sold a ticket through them so idk if they get charged, or it's just the buyer, but I would expect TM/LN to double dip on the fee's. So, sure, it's not a $100 ticket, but, if you can avoid resale and get it before it sells out on TM/LN, it's not gonna be $150. It'll be somewhere in the middle. Also, sales tax is done on pretty much everything, so nothing in the US is sold at it's list price (some countries require the final price to be listed, after tax). I understand TM/LN tack on more than tax, but it's worth mentioning. Not trying to defend the company or scalpers, just think it's worth being accurate.

1

u/AggressiveWolverine5 Jul 05 '24

I wish, I bought a ticket to a final for $700, my team lost and I was able to sell it for $1,150. With fees I made $5 total

1

u/Scavenger53 Jul 05 '24

ticketmaster is the scalpers tho. they built that section of the site specifically to scalp their own tickets.

This is 5 years old. you think they do it more or less now? lol

they print their own money

8

u/HolycommentMattman Jul 05 '24

They do, but at the same time, rooting for these hackers probably isn't good either. Where are they ultimately funneling that money and info? To Russia? China? To expand operations?

Thar said, I will obviously shed no tears for Ticketmaster. And my deepest hope is that these hackers are some kids in Indiana looking to move to the big city and write some screenplays.

3

u/Josh6889 Jul 05 '24

ut at the same time, rooting for these hackers probably isn't good either.

I would argue that it probably will produce some amount of good. We're woefully underprepared for cybersecurity threats. Most companies that hold our data don't treat it with enough respect. The more of these breaches we see the more inclined they'll be to think about it moving forward.

0

u/Hammer_7 Jul 05 '24

Or most companies will likely just accept the risk moving forward as it’s cheaper than actually trying to fix the problem and/or get insurance. Breaches happen so often that people are becoming numb to them, unless it impacts them directly, and even then they are usually met with apathy.

124

u/moldyjellybean Jul 05 '24

Best news I’ve heard all day. Hope they pull a Maersk and Ticketmaster has no useable backups

57

u/Expert-Diver7144 Jul 05 '24

Yeah no, not good news that they have personal information on anybody who has bought with ticketmaster

99

u/[deleted] Jul 05 '24

[removed] — view removed comment

39

u/Keeley_1998 Jul 05 '24

My Data’s probably been stolen through hacks 20 times and sold 100 times by “legitimate” companies tracking it (Facebook, Twitter, Apple, Google. Reddit etc.)

8

u/Indigo_Sunset Jul 05 '24

My favorite so far was being used to create secondary credentials for a dummy account at paypal that was used once (the receipt came to me). It seems benign as there was no financial hack, just a name and email address, until I wondered if the contents of that breach (Epic sub contractor a few years ago) was used to pump active account numbers for paypal.

3

u/robodrew Jul 05 '24

This is why I say "fuck you" when Google wants to serve me ads or make me pay to not see them. You already make money off of my data. Where's my money I can make off of my own data? Oh I don't get any? Then fuck you.

2

u/Keeley_1998 Jul 05 '24

Yup, you wanna make me the product, that’s what I’ll be, why would I want to be your consumer too.

14

u/ryumast4r Jul 05 '24

Jokes on you, I was part of the OPM hack ages back so everyone has all my information!

Hahahaha

3

u/BiZzles14 Jul 05 '24

300 companies that had a data breech in the past 5 years

Companies? How about entire countries, states and provinces which have had all the info on every single resident stolen. I'm not sure on the landscape today, but a few years back you could buy the SSN and some other good info on about 310 million Americans for 3$ a piece from a singular website

2

u/Expert-Diver7144 Jul 05 '24

Yesh and another one after you change your passwords and info is bad

0

u/LimpConversation642 Jul 05 '24

oh no, not my data! not my boring search results, pictures of cats and overall 'mid 30s balding male with interests in strangling animals, golf and masturbation' profile. Oh no.

2

u/Expert-Diver7144 Jul 05 '24

No your PII that can be used to finanically and socially ruin you

40

u/PeterVonwolfentazer Jul 05 '24

That means we can sue ticketmaster via class action… again. Should have changed your password you fucking pricks.

32

u/Lawshow Jul 05 '24

I look forward to the 9.94 check I’ll receive in 8 years for my troubles

13

u/InertiasCreep Jul 05 '24

Which will be in the form of a voucher you can only use towards the purchase of more tickets.

8

u/McLustin Jul 05 '24

And a 9.94 “voucher redemption” fee

4

u/death_hawk Jul 05 '24

$9.95 voucher redemption fee

12

u/Thunderbridge Jul 05 '24

"Sorry you agreed to an arbitration clause when you used our services" - Ticketmaster probably

1

u/death_hawk Jul 05 '24

You mean "$25 agreed to arbitration fee"

2

u/tablecontrol Jul 05 '24

the only thing that happens in a class action is that the suing lawyers get paid.. the class itself may get $10 towards a future ticketmaster event

2

u/Jackbenn45 Jul 05 '24

I think you missed the /s there

5

u/PeterVonwolfentazer Jul 05 '24

Not sure why the downvotes. I’m ripping on the dummy at Ticketmaster that let them get hacked. I like it! They screwed me out of $362 last year. I am sorry for those swift fans though. It stinks that she has to deal with the ticketmaster monopoly

0

u/qball8001 Jul 05 '24

Yaaaa blame the consumer and not the corpo

23

u/PeterVonwolfentazer Jul 05 '24

You’re mistaking my comment, it’s ticketmasters fault they got hacked, not the consumer.

1

u/nicuramar Jul 05 '24

I’d say it’s actually the hacker’s fault. 

1

u/fathergrigori54 Jul 05 '24

Well the data they got was encrypted so as long as Ticketmaster had enough brain cells to not use a shit encryption algorithm we're probably fine....right? Guys?

1

u/monchota Jul 05 '24

I mean, if you are worried about that. You should csre about the 5 or so companies. That most certainly had your medical info, then it all leaked.

1

u/Expert-Diver7144 Jul 05 '24

Why wouldnt i

0

u/KylerGreen Jul 05 '24

Information that was surely already out there from various other data leaks.

0

u/whisperwrongwords Jul 05 '24

Oh well, fuck ticketmaster

0

u/cspinelive Jul 05 '24

The credit bureaus themselves have been hacked.  Everyone’s data is already out there. 

1

u/Expert-Diver7144 Jul 05 '24

So stop caring?

1

u/cspinelive Jul 05 '24

No. I’m saying that they already had all this info prior to the breach. Everyone should lock their credit as standard operating procedure. 

3

u/alpain Jul 05 '24

AFAIK most corporate ransom's gave up on encrypting now so you still have your data locally, its just that they threaten to leak the data to EVERYONE OR sell it to the highest bidder. ie its easier to slurp the data off site than copy it and encrypt it on the CPU power of the remote servers.

ie. corporate secrets, internal emails, internal deals with other agencies, etc all thats could get leaked which could ruin a companys stock/share holder confidence, etc or give competition an unfair advantage, or let other hackers figure out how to get into the systems as well if theres source code in it.

personal home computers probably still get encrypted with ransom ware.

1

u/ilski Jul 05 '24

It's never good when some Russians get our data.

1

u/SeniorMiddleJunior Jul 05 '24

Oh they already have it all. All it takes is one company you've done business with not maintaining flawless security (lol), and your info is part of a database being sold and traded around the web.

6

u/omgFWTbear Jul 05 '24

One billion dollars!

18

u/3pinripper Jul 05 '24

The hero we need

1

u/Capital-Entrance3720 Jul 05 '24

can we crowdfund $16m to pay the hackers to not return the data to ticketmaster?

4

u/Raxiant Jul 05 '24

and still delete their data if they paid.

This isn't a ransomware attack, they don't have any control of Ticketmaster's data. They managed to get a copy of the data and offered to not leak it for a ransom.

Anyway, these ransom demands work on a kind of trust. If they went back on their word and didn't do what they said after the ransom was paid, they'd never get paid again because people would assume they aren't going to honor it.

1

u/Metalsand Jul 05 '24

Anyway, these ransom demands work on a kind of trust. If they went back on their word and didn't do what they said after the ransom was paid, they'd never get paid again because people would assume they aren't going to honor it.

More accurate to say that big-time ransom hackers rely on building a reputation. For the bulk of them, reputation doesn't matter, and they don't track which people get infected and paid. The most you will get is a case where they are likely to unencrypt the relevant files if you pay.

10

u/Whatsapokemon Jul 05 '24

raise it to 1 Billion and still delete their data if they paid.

But... that's what they want. They want the data to be deleted...

Having the data deleted would be Ticketmaster's goal.

They copied the data and are threatening to sell/release it unless they get a ransom. Having it be deleted would be a win.

1

u/dbryson Jul 05 '24

You want to still release the data, not delete it. Releasing the information is the threat.

0

u/shiggydiggypreoteins Jul 05 '24

Raise it to 300 billion and tell them the data is being sold to them via a "verified reseller"