ShinyHunters posted on Tuesday night in a hacking forum that it obtained data from Ticketmaster and its parent company, Live Nation, including customers’ names, addresses, emails, phone numbers, and order details, Cyber Daily wrote. The group is reportedly attempting to sell the stolen data for $500 million.
From this other link: https://www.abc.net.au/news/2024-05-29/ticketmaster-hack-allegedlyshinyhunter-customers-data-leaked/103908614
It said 1.3 terabytes of customer data possessed by Ticketmaster including names, addresses, credit card numbers, phone numbers and payment details is up for sale.
I’ll look forward to my $0.50 check and exactly zero consequences for the higher-ups that I’m sure slashed IT/cybersecurity budgets.
“Did you cut security staff?”
“Yes.”
“How much?”
“70%”
“And did that lack of security cause a security breach?”
“Yes.”
“And how much money did that cost us?”
“2 million dollars.”
“And how much did the security team that was let go cost us?”
“$500,000 per year.”
“So, we break even after 4 years, and profit after 5?”
“Uhhhhhhh…I guess?”
“Good work Johnson”.
heh, you don’t know how true this is. I’ve worked in IT for 2 decades. IT is pretty much always seen as a cost center.
If everything is running smoothly - “what are we paying you for?!”
If everything is on fire - " What are we paying you for!?"
And now with companies getting the tiniest of slaps on the wrists for willful negligence it’s cheaper to cut IT funding, outsource it, whatever.
If the cost of the fine is less than the profits gained by doing “x” then that’s just the cost of doing business. Execs will continue to do this until there are real consequences for the company and them directly.
Until there are proper incentives for executives (e.g. full asset seizure and mandatory multi-year community service in roles such as junior janitor, junior hospice care specialist, live-in support for late stage alzheimer’s patients) that require them to take ownership and responsibility for their actions (or lack of thereof), this will continue.
Just look at the 2017 Equifax breach in the US:
Wikipedia background:
An Equifax internal audit in 2015 showed that there was a large backlog of vulnerabilities to patch, that Equifax wasn’t following its own timescales on patching them, that IT staff did not have a comprehensive asset inventory, that Equifax didn’t consider how critical an IT asset was when prioritising patches, and that the patching process worked on an ‘Honour system’. The report set out actions to improve the process, but the time of the breach, two years later, many of them had not been completed.
Equifax press release states that CIO and CSO can now enjoy retirement:
As part of the company’s ongoing review of the cybersecurity incident announced September 7, 2017, Equifax Inc. (NYSE: EFX) today made personnel changes and released additional information regarding its preliminary findings about the incident.
The company announced that the Chief Information Officer and Chief Security Officer are retiring.
Richard Smith, the CEO under whose watch this happened, got to retire at the ripe old age of 57 and got a nice bonus of $90 M
Richard Smith, 57, is the third Equifax executive to retire under pressure following the company’s massive data breach revealed earlier this month, putting the personal information of as many as 143 million people at risk.
But the CEO is still set to collect about $72 million this year alone (including nine months’ worth of his $1,450,000 salary), plus another $17.9 million over the next few years. That’s when the rest of Smith’s stock compensation hits a few important milestones or “vests,” allowing Smith to essentially put it in his bank account. Altogether, it adds up to a total potential paycheck of more than $90.1 million, according to Fortune’s calculations based on Equifax securities filings.
Are you salivating at the mere thought of this, then?
Amazon execs may be personally liable for tricking users into Prime sign-ups
This is a start, but the fact that they come up with this:
Executives had urged the court to dismiss the FTC’s claims against them. They argued that the FTC “singled them out ‘for an ‘unprecedented sanction’” when the agency had “only recently started prosecuting companies for using ‘dark patterns’” under Restore Online Shoppers’ Confidence Act (ROSCA) and the FTC Act. They claimed that the FTC never alerted them to any wrongdoing before filing the lawsuit, so how could they have known they were violating the law?
Suggests that they are not being serious.
And I doubt the fine will be sufficient for them to re-evaluate their attitudes. What we need is full asset seizure (every last cent, home, car, everything) and to send them to do a decade as junior support personnel at a late stage Alzheimer’s care facility (my dad had Alzheimer, so I am not being callous for the sake of it).
They can also do 20 years in prison with no parole if they are too good for community service.
I’m not sure how that’s indicative of the FTC not being serious? You’re quoting a defense argument, of course they’re going to argue the agency is wrong.
With respect to the US regulatory/judicial actions, I find it difficult to believe that they will be sufficient to nudge the criminals towards genuine self-reflection and a desire to change their behaviour. Similarly, other criminals are likely see enforcement action as more of a “risk to be managed” as opposed to a strong incentive to re-evaluate their approach to criminal schemes.
This is of course not a US only problem, albeit there are countries were consumer rights and business criminality is less socially acceptable.
I didn’t interpret their argument as stating “the agency is wrong”. More like “we weren’t told this was wrong, we were one of the caught … so this claim should be dismissed.”
I would even go as far as saying that this is a sign of disrespect towards judicial processes.
All those convenience fees hard at work I see.
So convenient to automatically give everyone access to your credit card number without any action or knowledge on your end. It happens all on its own.
👍
Does anyone have reccomendations for a good (open source) Android keyboard mine doesn’t have a search function for emoji
I was about to recommend Heliboard since that’s the best one so far IMO, but it also doesn’t have emoji search. Turns out I was using the “recent emojis” menu
That might help in the meantime till a better recommendation comes around
That’s actually what I’m using
I just want iOS to ALWAYS suggest emoji when one’s available for that word. Never use the autocomplete function on iPhone besides for when it suggests an emoji 😎
(It worked that time! For “cool”)
I was going to reccomend the samsung keyboard specifically BECAUSE it doesn’t have that swiping, or emojis. Yep. Just a good ol standard reliable keyboard. Which means any typos in this message are my own stupid fingers fault.
…but you WANT emojis in your keyboard. Must be a generational thing.
/hankhill
Why wouldnt you want emoji?
Meanwhile, earlier this month, I had to literally disable quite a few bits of adblocks and other extensions just so that Ticketmaster’s crappy CAPTCHA thing would allow me to even log in. Literally screamed “Why are you pestering me, I’m just trying to buy a ticket to a local car show, not a fucking Madonna concert”
And you had to pay a “convenience” fee for the privilege too.
Oh last year I paid the ticket in cash, 20€, no problem. This year? 20€, plus 1+bits euros of processing fees. To “deliver” my ticket to the platform of my choice. (…Mobile app.)
So I went to the car show. They still had the cash booth. Mild failure to communicate. I just dodged the field of view of the booth guys, out of shame, and entered like normal, glad the ticket guards were accommodating.
Oh I forgot the best part! When I was trying to log on and the security interfered with CAPTCHAs, Ticketmaster reset my password several times. That’s how you know this company take security seriously. /s (Literally no site does this.)
Proof they don’t care:
The company’s share price remained relatively flat following reports of its massive data leak.
Just another Tuesday in our boring dystopia.
“Yes, and “ - the stock price didn’t go UP, so they might have cared :/
Guess I have a new wave of spam calls to look forward to.
Save this Card# for later?
Fuck no!
If that data is really worth $500 million, Ticketmaster probably “hacked” itself. One last score before the DOJ breaks them up.
My brokeass can’t do shit so I will just give you an upvote. Bank refused to give me loan because of my credit rating. The funny part is I never had a credit card or any other loan. Later I found out my that Tangerine Telecom fucked me by giving my data to hackers and someone used my info to get a credit card.
Unfortunately it was just another Wednesday for the higher ups there. Sigh.
Glad I’ve never used the scummy fuckers.
I mean…they are scummy fuckers, but…do you just NOT go to concerts?
In this economy?
Not by venues the size that are whored out to TM, is an option. Just because something is slammed at you 1m times by radio, advertisers, YouTube, etc., you can still choose the music you listen to and like.
I’ve been to concert venues that hold 30 max occupants still had to go through ticketmaster for $5 tickets, with $13.79 in fees.
They are EVERYWHERE.
Plenty of other things to do in a city that size, then.
Didn’t mean to say venues have many options, TM needs to be broken up. Even non-profits and the like have had to sign the Ursula contract with TM as they dominate the industry so
Not LN/Ticketmaster shows.
I’m not one of those 560 million.