A Ticketmaster leak indexed by leaksear.ch contains 167,500 Taylor Swift Eras Tour ticket barcode records for Miami, New Orleans, and Indianapolis shows in October and November 2024, including event, venue, seat, and ticket face-value data but no customer PII (leaksear.ch metadata). The dataset follows the May 20, 2024 Ticketmaster cloud-database incident disclosed by Live Nation and the July 2024 Sp1d3rHunters barcode release reported publicly (investors.livenationentertainment.com, www.bleepingcomputer.com).
What happened
Live Nation told the SEC that on May 20, 2024 it identified unauthorized activity in a third-party cloud database environment containing company data, primarily from Ticketmaster, and that on May 27 a criminal threat actor offered alleged company user data for sale on the dark web (investors.livenationentertainment.com). BleepingComputer reported that the broader Ticketmaster theft was tied to Snowflake, while Mandiant later described a wider UNC5537 campaign in which Snowflake customer instances were compromised using stolen customer credentials, with no evidence found that access stemmed from a breach of Snowflake's enterprise environment (www.bleepingcomputer.com, cloud.google.com).
On July 5, 2024, BleepingComputer reported that Sp1d3rHunters leaked what it claimed was Ticketmaster barcode data for 166,000 Taylor Swift Eras Tour tickets and said the data covered upcoming shows in Miami, New Orleans, and Indianapolis. Malwarebytes separately reported the release as 170,000 barcodes offered for those three cities (www.bleepingcomputer.com, www.malwarebytes.com).
Ticketmaster told BleepingComputer that its SafeTix technology refreshes unique barcodes to prevent copying, and Ticketmaster's own help page says moving barcode tickets automatically refresh every 15 seconds and screenshots will not get users into an event (www.bleepingcomputer.com, help.ticketmaster.com).
What data was exposed
The leaksear.ch metadata lists ticket barcode values, event IDs and keys, event names and start times, venue names and addresses, venue city, state, country, and postcode, section, row, and seat assignments, sales order and transaction identifiers, ticket type and coupon-related fields, host account creation date, venue IDs, and ticket face-value amounts (leaksear.ch metadata).
The indexed source is described as a barcode and ticketing metadata sample, not a customer PII dump. leaksear.ch metadata lists username as the searchable field for this source, while the other listed fields are stored on records but are not direct search pivots (leaksear.ch metadata).
Why this matters
The immediate identity-theft risk from this indexed sample is lower than in a customer PII leak because the metadata says it does not contain names, emails, phone numbers, or payment details. The practical risk is ticket-specific fraud: scammers can use event, seat, and barcode context to make resale lures, fake transfer messages, or venue-specific phishing look more credible. People who bought or held tickets for the listed Eras Tour shows should use official Ticketmaster channels for ticket status and be cautious with unsolicited ticket-transfer or account-warning messages. To check whether your data is in this Ticketmaster leak, use leaksear.ch's lookup for this source.
Check your exposure
Vetted researchers and incident-response teams can request access or sign in if they already have access to check this dataset. Searchable pivots for this leak include username.
Sources
- Live Nation Entertainment: 8-K - 05/31/2024 - Live Nation Entertainment
- BleepingComputer: Ticketmaster confirms massive breach after stolen data for sale online
- BleepingComputer: Hackers leak alleged Taylor Swift tickets, amp up Ticketmaster extortion
- Google Cloud Blog: UNC5537 Targets Snowflake Customer Instances for Data Theft and Extortion
- Malwarebytes: Ticketmaster hackers release stolen ticket barcodes for Taylor Swift Eras Tour
- Ticketmaster Help: Why do my tickets have a moving barcode?