Recently, users a dark web forum saw the release of 170,000 Taylor Swift event barcodes that were obtained from Ticketmaster. Providing free entry to the singer's world tour concert for all of its users who wish to attend.
Taylor Swift's Eras Tour, her sixth concert tour, began on March 17, 2023, in Glendale, Arizona, and will end on December 8, 2024, in Vancouver, Canada. The tour includes 152 shows across five continents.
The leaked barcodes pertain to future concerts scheduled in Miami, New Orleans, and Indianapolis, affecting the following dates:
October 18, 2024: Miami – 20k tickets
October 19, 2024: Miami – 20k tickets
October 20, 2024: Miami – 23k tickets
October 26, 2024: New Orleans – 16k tickets
October 27, 2024: New Orleans – 16k tickets
October 28, 2024: New Orleans – 18k tickets
November 01, 2024: Indianapolis – 18k tickets
November 02, 2024: Indianapolis – 17k tickets
November 03, 2024: Indianapolis – 18k tickets
Each barcode, uniquely identifiable and scannable only once to prevent forgery, has been shared openly, offering unauthorized access to the concerts.
In addition, the threat actor has included a tutorial that provides a clear and straightforward explanation on how to exploit and create printable barcode tickets using Microsoft Excel.
The alleged perpetrator, who is associated with the hacker group ShinyHunters, has reportedly gained unauthorized access to Ticketmaster's data.
They are demanding a ransom of $2 million to prevent the release of 680 million customer records and 30 million event barcodes.
These events cover a wide range, from Taylor Swift concerts to performances by other well-known artists like P!nk and Sting. Additionally, there are also high-profile sports events like Formula 1, MLB, and NFL games.
Earlier, a forum post from the hacker group on the same forum revealed that 400,000 Taylor Swift concert tickets were leaked. However, it appears that the post is now deleted.
Subscribe to our newsletter
The leak included a sample dataset that contained sensitive information such as event names, ticket types, barcode values, seat numbers, and event venues.
This breach follows closely after Ticketmaster confirmed a data breach, where user data and concert event barcodes were compromised.
The cybercriminals posted only a fraction of the stolen tickets to demonstrate their possession of the data and pressure Ticketmaster into paying the ransom.
It is still uncertain how far-reaching the breach is and what it means for future events and concert attendees.