In a significant cybersecurity incident, hackers have exposed what they assert is the barcode data for 166,000 Taylor Swift Eras Tour tickets, threatening to leak more if a $2 million ransom demand is not met. This breach highlights the increasing vulnerability of the entertainment industry to cyber threats.
The issue first came to light in May when the hacking group ShinyHunters began selling data on 560 million Ticketmaster customers for $500,000. Ticketmaster later confirmed the breach, which was traced back to a compromise in their account with Snowflake, a cloud-based data warehousing company utilized for database storage, data processing, and analytics.
The breach is part of a broader pattern of cyberattacks that began in April. Hackers used stolen credentials from information-stealing malware to access and download Snowflake databases from at least 165 organizations. These organizations were then blackmailed, with demands for payment to prevent the data from being sold or publicly leaked. Notable victims include Neiman Marcus, Los Angeles Unified School District, Advance Auto Parts, Pure Storage, and Santander.
Taylor Swift tickets leaked
Recently, a new threat actor known as Sp1d3rHunters leaked data for 166,000 Taylor Swift Eras Tour barcodes. These barcodes are necessary for gaining entry to various concert dates. Sp1d3rHunters, formerly known as Sp1d3r, is the same group responsible for selling data stolen from Snowflake accounts and publicly extorting companies for ransom.

In a post shared by the threat intelligence service HackManac, Sp1d3rHunters demanded $2 million to prevent further leaks, which they claim would include data on 680 million users and 30 million more event barcodes. These barcodes cover events such as more Taylor Swift concerts, performances by Pink and Sting, and various sporting events including F1 Formula Racing, MLB, and NFL games.
The leaked data includes the necessary information to generate scannable barcodes, seat details, face value of tickets, and more. While this specific barcode data was not part of the initial leak in May, some elements of the newly leaked data, such as hashed credit card and sales order information, were present in the earlier breach.
ShinyHunters, the group behind these attacks, has a history of significant data breaches. They were responsible for the 2020 leak of 386 million user records from 18 companies, an AT&T breach affecting 70 million customers, and the recent leak of 33 million phone numbers used with the Authy multi-factor authentication app.
Ticketmaster has responded by assuring the public that their SafeTix technology minimizes the risk of ticket fraud. “Ticketmaster’s SafeTix technology protects tickets by automatically refreshing a new and unique barcode every few seconds, making it impossible to steal or replicate,” Ticketmaster stated to dark webr. “This is just one of the many fraud protections we implement to ensure ticket safety and security.”
Ticketmaster also clarified that they have not engaged in ransom negotiations with the hackers, countering ShinyHunters’ claims of being offered $1 million to delete the data. This breach underscores the ongoing challenges in cybersecurity and the need for robust protective measures to safeguard sensitive customer data.