Investigators detail how hackers allegedly gained access to Ticketmaster data

The alleged hack into Ticketmaster's database that is understood to have impacted hundreds of millions of customers of the Live Nation subsidiary around the world is understood has been analysed by Mandiant - a Google-owned security firm.

Media reports in May advised that hacking group ShinyHunters had claimed to have stolen data from Ticketmaster that included names, addresses, credit card numbers (the last four digits and expiry date), telephone numbers and payment details.

As reported by the ABC, Mandiant said they were first notified through "threat intelligence" that a customer's credentials had been compromised through the cloud storage facility Snowflake.

USA-based Mandiant advised "during this investigation, Mandiant determined that the organisation's Snowflake instance had been compromised by a threat actor using credentials previously stolen via infostealer malware.

"The threat actor used these stolen credentials to access the customer's Snowflake instance and ultimately exfiltrate valuable data."

Mandiant’s Snowflake platform stores and analyses customer databases and information for businesses around the world - including Ticketmaster.

ShinyHunters has subsequently advised that one of its administrators has been arrested by the USA’s Federal Bureau of Investigation, noting in a social media post “we regret to inform you that administrator Baphomet (our "space cowboy"), has been arrested, leading to the seizure of pretty much all of our infrastructure by the FBI.”

The data of around two million Australian Ticketmaster customers was reported at being hacked in May, with ShinyHunters alleged to have threatened to sell the information online for $750,000.