this post was submitted on 06 Jul 2024
35 points (92.7% liked)

Netsec

701 readers
1 users here now

netsec is a community-curated aggregator of technical information security content. Our mission is to extract signal from the noise — to provide value to security practitioners, students, researchers, and hackers everywhere. ‎

Rules

  1. Don't do unto others what you don't want done unto you.
  2. No Porn, Gore, or NSFW content. Instant Ban.
  3. No Spamming, Trolling or Unsolicited Ads. Instant Ban.
  4. Stay on topic in a community. Please reach out to an admin to create a new community.

founded 2 years ago
MODERATORS
 

Ticketmaster shot down claims made on the dark web that hackers have access to working ticket barcodes for several upcoming Taylor Swift concerts and other events.

On Friday, a hacker allegedly offered for sale event barcodes for Taylor Swift’s Eras Tour concert dates in New Orleans, Miami and Indianapolis.

The barcodes are typically scanned at the entrance for events. In total, the hacker offered about 170,000 barcodes for sale, with about 20,000 for sale at each show.

The hacker also threatened Ticketmaster with more leaks if they are not paid $2 million — claiming to have 30 million more barcodes for NFL games, Sting concerts and more.

A spokesperson for Ticketmaster debunked the claims made in the post in comments to Recorded Future News.

“Ticketmaster’s SafeTix technology protects tickets by automatically refreshing a new and unique barcode every few seconds so it cannot be stolen or copied,” the spokesperson said.

“This is just one of many fraud protections we implement to keep tickets safe and secure.”

The spokesperson also shot down allegations made in media reports that they engaged the hacker in ransom negotiations, saying that they never engaged with the hacker and never offered the person money.

Ticketmaster’s parent company Live Nation confirmed last month that the company’s account on data storage platform Snowflake had been breached.

Hackers on the dark web claimed to have a 1.3 terabyte database of information on about 560 million Ticketmaster users that included names, addresses, emails and phone numbers as well as event details and information on specific orders.

The theft was part of a larger campaign of thefts targeting about 165 customers of Snowflake. Some of the data stolen from those companies was offered for sale by the same hacker behind this most recent post about event barcodes.

you are viewing a single comment's thread
view the rest of the comments
[–] Creat@discuss.tchncs.de 1 points 4 months ago

If an app is used in client side it's relatively easy. They could literally just use the common OTP algorithm, but in reverse. Instead of refreshing ever 30s, set that to like hours or days. instead of generating 6 digits you generate enough for a barcode (like 12 or 13 or whatever is common). On refresh, stuff them in a database, so when a ticket is scanned you can quickly find the corresponding entry and identify it and mark it used.

I have no real idea how you'd do this with printable paper tickets...