Over 560 million accounts around the world have been breached, as a major database reportedly goes up for sale on the dark web. What can consumers expect?
Hacks and breaches are just a regular part of life, it seems, as the burden of security becomes a problem for big companies. We’ve seen it with Optus and with Medibank, and now it seems one of the world’s biggest entertainment ticketing companies is dealing with a major global breach.
Ticketmaster has reportedly been hacked, with a server breached and over 500 million accounts leaked and put up for sale. While the company has yet to confirm the details following a report from cybersecurity publication CyberDaily, the breach is already something the Australian government is looking into, as the Department of Home Affairs works with Ticketmaster on the situation.
Ticketmaster has yet to comment on the matters, but the hackers are reportedly looking to sell the data, which purportedly includes names, email addresses, phone numbers, home addresses, and credit card details including the last four digits and expiration dates, as well as hashed credit card details that might be more difficult to read.
However, some of this information could still be used to break into accounts. Armed with elements of this information, it’s not entirely unreasonable to expect aggressive activity, and consumers may be at risk. What could happen following a data breach like this?
Phishing could ramp up
One of the more obvious activities comes back to scammers masquerading as organisations you trust. That might be Ticketmaster itself, or it could come back to being the government.
It’s not a stretch to see scammers taking hold of the emails or phone numbers in this list, and creating a fake Ticketmaster website to let you “change your details” or provide some other protection, or even a fake government website acting in your interest.
As it is, Australians see regular amounts of phishing scams claiming to be from the government, some of which can be quite convincing.
Bank accounts could be see unusual activity
Bank accounts could also see some unusual activity, particularly as scammers look to join the dots between the account information inside the hack.
While a hashed credit card number might not be a full card number, it could be a starting point, particularly if there’s a pattern the hashing. Meanwhile, the last four digits of a card and the expiration dates could also give scammers enough to work with for a BIN attack, a type of credit and debit card attack that lets scammers charge bank accounts directly.
What you can do
Each situation carries concern for anyone, and with Ticketmaster not yet commenting on the situation, that concern naturally grows.
However, there are things you can do, such as monitoring your bank account activity, something some banks will do proactively.
Monitor your bank details
Depending on which bank you use, you may find automatic alerts for unusual activity occurring on your bank. Some do this simply by being a customer, while others may need you to talk to your bank.
If you’re not sure whether your bank supports alerts and notifications for unusual activity, talk to your bank.
If you’re concerned of greater risk, you may want to consider changing your card entirely. While clearly an inconvenience, changing bank and credit card numbers prevents the chances of existing cards to be used in the first place, providing some peace of mind.
Switch on multi-factor authentication (2FA, 3FA)
Multi-factor authentication should be activated where ever you can, a great security practice that makes it impossible to log in to specific accounts without a secondary form of control, meaning password AND something else.
That extra element is often a phone number, but it can also be an authentication app such as Google Authenticator, a physical passkey like those from Yubico, and even a software passkey linked to your computer or phone.
Watch your messages and take things with a grain of salt
At the same time, we’d recommend paying close attention to any messages you receive over SMS and email. Phishing scams built from this breach don’t seem like much of a reach, and it’s not hard to imagine scammers building fake websites designed to “help” victims of a breach.
With over 500 million Ticketmaster accounts worldwide, there’s a good chance that someone receiving a fishy link purporting to be from Ticketmaster will click, and could fall down a rabbit hole, unaware of what to look for.
As usual, phishing scams tend to follow the same pattern: websites built to look the same, but lacking in key differences.
Telltale signs of any phishing website include:
- A URL that isn’t the real website’s domain: scam sites can’t just exist on the real www dot com. Rather, they’ll often use some outlandish gibberish name, or try for something similar.
- Links that go nowhere: most websites include more than one link in the site design, such as in the menu. Phishing sites might look like they have these, but invariably they go nowhere and aren’t clickable.
- Grammatical and spelling errors: thanks to the aid of AI systems, scammers are getting better at writing in English. However, text can include spelling and grammar issues, and it’s a common trait of scams, perhaps more so than regular website grammatical problems.
There’s also the message itself. Scam messages will almost always indicate a sense of urgency, because nothing drives people to act like something needing to be done ASAP.
If you receive an email or SMS claiming to be urgent, look at the link carefully. Also look at the sender ID: if the message is from a real company, it will usually have a proper sender ID, rather than just another mobile number. It’s a similar situation for emails, too.
If anything about the message seems off, just delete it. Alternatively, consider looking up the real website with a simple search online, which is something scammers typically can’t make a dent on, and hope you don’t do.
