What to Do After the Ticketmaster Data Breach

Between April 2 and May 18, 2024, hackers from the ShinyHunters group stole personal data from approximately 560 million Ticketmaster customers in one of the largest consumer data breaches in history. The stolen data -- including names, addresses, phone numbers, email addresses, credit card numbers, and ticket purchase histories -- was listed for sale on the dark web for $500,000 on May 27, 2024. If you have ever purchased tickets through Ticketmaster, here is what happened, what was exposed, and exactly what you should do now to protect yourself.

What Happened

The breach targeted Ticketmaster's parent company, Live Nation Entertainment, through a third-party cloud storage provider called Snowflake. The ShinyHunters hacking group exploited stolen credentials from a Snowflake employee's demo account that lacked multi-factor authentication (MFA). This single point of failure gave the attackers access to a massive database containing customer records spanning years of ticket purchases.

Live Nation confirmed the breach in a filing with the Securities and Exchange Commission on May 31, 2024. The company stated that it had identified unauthorized activity within a third-party cloud database environment and was working to mitigate risk. The breach was not limited to Ticketmaster alone -- the same Snowflake vulnerability affected multiple other companies that used the platform for data storage.

What Data Was Exposed

The stolen database reportedly contained the following information for up to 560 million customers:

• Full names and physical addresses
• Email addresses and phone numbers
• Credit card numbers -- including partial card data and expiration dates
• Payment information and billing details
• Ticket purchase histories -- including events attended and amounts paid
• Account login credentials -- hashed passwords associated with Ticketmaster accounts

Immediate Steps to Take

1. Change Your Ticketmaster Password

If you have a Ticketmaster account, change your password immediately. Go directly to ticketmaster.com -- do not click links in emails or text messages claiming to be from Ticketmaster, as scammers frequently impersonate breached companies in phishing campaigns. Choose a strong, unique password that you do not use on any other site.

2. Change Passwords on Other Accounts

If you used the same password for Ticketmaster as for other accounts -- email, banking, social media -- change those passwords immediately. Credential stuffing attacks, where hackers test stolen passwords against other services, are one of the most common ways a single breach turns into multiple compromised accounts. Use a password manager to generate and store unique passwords for every account.

3. Enable Two-Factor Authentication

Enable 2FA on your Ticketmaster account and every other account that supports it. Prioritize your email accounts, banking apps, and any service connected to your financial information. Use an authenticator app such as Google Authenticator or Authy rather than SMS-based 2FA, which is vulnerable to SIM swapping attacks.

4. Monitor Your Financial Accounts

Review your credit card and bank statements carefully for unauthorized charges. Set up real-time transaction alerts with your bank and credit card issuers so you are notified immediately of any suspicious activity. If you find unauthorized charges, report them to your financial institution right away -- most credit card companies have zero-liability policies for fraudulent transactions.

5. Freeze Your Credit

A credit freeze prevents anyone from opening new credit accounts in your name. It is free and does not affect your credit score. Freeze your credit at all three major bureaus:

• Equifax: equifax.com/personal/credit-report-services/credit-freeze/
• Experian: experian.com/freeze/center.html
• TransUnion: transunion.com/credit-freeze

You can temporarily lift the freeze whenever you need to apply for credit.

6. Check if Your Data Has Been Exposed

Visit haveibeenpwned.com and enter your email address to check whether it appears in the Ticketmaster breach or any other known data breaches. This free service maintains a database of billions of compromised records and can tell you exactly which breaches have affected you.

Enroll in Free Identity Monitoring

Ticketmaster offered affected customers 12 months of free identity monitoring through a third-party provider. If you received a breach notification from Ticketmaster, follow the enrollment instructions included in that communication. If you believe you were affected but did not receive a notification, contact Ticketmaster's customer support to confirm your eligibility and request enrollment details.

While free monitoring is a useful starting point, it has limitations. Most breach-related monitoring services only alert you to certain types of misuse -- they do not proactively remove your personal data from the internet or prevent it from being sold by data brokers.

Watch Out for Scams

After any major breach, scammers target affected customers with phishing emails, fake settlement offers, and fraudulent identity protection services. Protect yourself by following these rules:

• Never click links in unsolicited emails or texts about the breach -- go directly to official websites
• Do not provide personal information to anyone who contacts you claiming to be from Ticketmaster or Live Nation
• Be skeptical of "settlement" emails -- verify any class action notifications through official court websites
• Watch for phishing attempts that reference specific events or purchases from your ticket history, as this data was part of the breach

Long-Term Protection Steps

The immediate response to a breach is critical, but long-term protection matters just as much. Stolen data circulates for years after a breach, and criminals may not attempt to use your information for months or even years after it is initially stolen.

Monitor Your Credit Reports

Check your credit reports regularly at annualcreditreport.com, where you are entitled to free weekly reports from all three bureaus. Look for unfamiliar accounts, hard inquiries you did not authorize, or address changes you did not make.

Reduce Your Digital Footprint

The less personal information that is available about you online, the harder it is for criminals to use breached data against you. Stolen data becomes far more dangerous when it can be combined with other information -- your current address, phone number, employer, family members -- that is readily available on data broker and people search websites.

Close Old Accounts

Review your online accounts and close any you no longer use. Every dormant account is a potential breach waiting to happen. Delete stored payment information from accounts you keep but rarely use.

How PrivacyOn Helps After a Breach

When a breach like the Ticketmaster incident exposes 560 million records, that data does not stay in one place. It spreads across the dark web, gets purchased by data brokers, and is combined with information from public records and other sources to create detailed profiles that can be used for identity theft, targeted scams, and harassment.

PrivacyOn removes your personal information from 100+ data broker sites that may have acquired or enriched their databases with your leaked data. It continuously monitors for re-listings and alerts you through dark web monitoring if your information appears in new breach databases or criminal marketplaces. With family plans covering up to 5 people starting at $8.33/month, PrivacyOn helps you cut off the downstream damage that follows every major data breach.