The personal and credit card data of more than half a billion Ticketmaster users was reportedly obtained in a cyber incident, and new reports show that the alleged hack could have taken place weeks ago.

As reported on Wednesday, the “hacker” group ShinyHunters has claimed it has cracked the Ticketmaster system and accessed some 1.3 terabytes of data, which includes names, addresses, credit card numbers, phone numbers, and payment details, involving 560 million customers globally. The information is said to be up for sale on the dark web, with an asking price of $500,000.

While it is unclear which markets were impacted in the hack, or what percentage of consumers impacted are from what markets, the risk for any impacted consumer is very high, given the highly sensitive data that appears to be involved.

On Thursday, the online platform VX-Underground — which is described as the largest collection of malware source code, samples, and papers on the internet — said they spoke to multiple individuals “privy to and involved in” the alleged Ticketmaster breach. These individuals claimed the hack took place in April by an unidentified “threat group,” defined as one that intends to cause harm to the cyber realm.

In a statement on X, VX-Underground said ShinyHunters did not carry out the attack itself, but rather, acted as a proxy for the threat group responsible. VX-Underground went on to note that based on the data provided to them by the threat group, “we can assert with a high degree of confidence the data is legitimate.” The date ranges in the database reportedly go back to 2011, with some dates showing information from the mid-2000s.

VX-Underground said the data shared with them includes:

  • Full Name
  • Email address
  • Address
  • Telephone number
  • Credit card number (hashed)
  • Credit card type, authentication type
  • All user financial transactions

“The data provided to us, even as a ‘sample’, was absurdly large and made it difficult to review in depth,” VX-Underground said. “We are unable to verify the authenticity of financial information. Briefly skimming the PII present in the dump, it appears authentic.”

While this wouldn’t be the first time Ticketmaster suffered a data breach, this hacker claim would be among the largest ever reported.

Live Nation nor Ticketmaster have responded to the claims. The pair also did not respond to TicketNews’ request for comment.

This is the latest news amid a rocky week for the entertainment giant and its ticketing subsidiary; the infamous duo made headlines after news broke they were the subjects in a recently-filed, yet long-awaited, antitrust lawsuit by the Department of Justice and 29 states.