{"id":24578,"date":"2024-05-29T05:10:07","date_gmt":"2024-05-29T13:10:07","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2024\/05\/29\/news-18308\/"},"modified":"2024-05-29T05:10:07","modified_gmt":"2024-05-29T13:10:07","slug":"news-18308","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2024\/05\/29\/news-18308\/","title":{"rendered":"Data leak site BreachForums is back, boasting Live Nation\/Ticketmaster user data. But is it a trap?"},"content":{"rendered":"\n

Notorious data leak site BreachForums appears to be back online after it was seized by law enforcement<\/a> a few weeks ago.<\/p>\n

At least one of BreachForums domains and its dark web site are live again. However, questions have been raised over whether it is a genuine attempt to revive the forums once again or set up as a lure by law enforcement to entrap more data dealers and cybercriminals.<\/p>\n

The administrator of the new forum posts under the handle ShinyHunters, which is a name associated with the AT&T breach and others,<\/a> and believed to be the main administrator of the previous BreachForums.<\/p>\n

Yesterday, ShinyHunters posted a new dataset for sale that allegedly stems from Live Nation\/Ticketmaster.<\/p>\n

\"Post
Post by ShinyHunters to sell the Live Nation Ticketmaster data set<\/em><\/figcaption><\/figure>\n
\n

\u201cLive Nation \/ Ticketmaster<\/p>\n

Data includes<\/p>\n

560 million customer full details (name, address, email, phone)<\/p>\n

Ticket sales, event information, order details<\/p>\n

CC detail \u2013 customer last 4 of card, expiration date<\/p>\n

Customer fraud details<\/p>\n

Much more<\/p>\n

Price is $500k USD. One time sale.\u201d<\/p>\n<\/blockquote>\n

But, an avatar and a handle are easily copied, and there are a few things that raised our spidey-senses that something is up.<\/p>\n

First, the data set was offered for sale on another dark web forum by a user going by SpidermanData with the exact same text.<\/p>\n

\"Post
SpidermanData offering the same data set on another forum<\/em><\/figcaption><\/figure>\n

Second, this data set seems way too big for its nature. Live Nation and Ticketmaster are big enough to be considered a monopolist<\/a>, but 560 million users seems like a stretch.<\/p>\n

After looking at the shared evidence, security researcher CyberKnow tweeted<\/a>:<\/p>\n

\n

\u201cWhile there is some new data in the shared evidence there is also old customer information, making it possibly this is a series of data jammed together.\u201d<\/p>\n<\/blockquote>\n

Third, a new feature is that visitors need to register before they can see any content. Why would the administrators change that?<\/p>\n

And, last but not least, would the FBI let the cybercriminals regain control over the domains that easily? That would be quite embarrassing<\/a>.<\/p>\n

So, we dare conclude that this dataset’s goal is to generate some attention and act as a lure to let old forum users know that BreachForums is alive and kicking. But who is running the show, is the question that we hope to answer soon.<\/p>\n

Stay tuned for updates on this developing story.<\/p>\n

Protecting yourself from a data breach<\/h2>\n

There are some actions you can take if you are, or suspect you may have been, the victim of a data breach<\/a>.<\/p>\n