Hackers Crack Ticketmaster’s SafeTix System
July 9, 2024
- Hackers have reverse-engineered Ticketmaster’s SafeTix barcode system, allowing tickets to be resold on unauthorized platforms
- SafeTix technology uses rotating barcodes with base64-encoded tokens, TOTPs, and timestamps designed to prevent ticket replication and unauthorized access
- In response to the data breach, Ticketmaster is offering twelve months of free identity monitoring, rotating passwords, and more
Hackers have reverse-engineered Ticketmaster’s SafeTix barcode system, which is designed to thwart ticket fraud by using dynamic barcodes that refresh every few seconds. This development has opened the door for tickets to be resold on platforms outside of Ticketmaster’s control, challenging the company's security measures.
The mechanics of SafeTix
Ticketmaster's SafeTix technology utilizes rotating barcodes that change every 15 seconds. These barcodes incorporate a base64-encoded token, two Time-based One-Time Passwords (TOTPs), and a timestamp. This system aims to prevent ticket replication and unauthorized access by ensuring each barcode is unique.
The reverse engineering process
Hackers were able to decode these barcodes by identifying that the two six-digit numbers in the barcodes were TOTPs generated from pieces of information and the timestamps. By understanding and replicating this process, they could produce valid barcodes at any given time, effectively bypassing Ticketmaster’s security measures. This decoding not only enables unauthorized access to events but also facilitates the resale of tickets on unauthorized platforms.
The ability to circumvent the SafeTix system undermines the integrity of Ticketmaster’s fraud prevention efforts, posing risks to event organizers and consumers alike. It highlights the need for more robust and adaptive security measures in digital ticketing systems to protect against sophisticated hacking attempts.
Associated data breach
The reverse engineering of SafeTix coincides with a broader data breach involving Ticketmaster. The hacker group ShinyHunters claims to have stolen data from 560 million Ticketmaster customers, including names, emails, addresses, phone numbers, and partial credit card numbers. This data is reportedly being sold on the dark web, adding another layer of risk for affected individuals and exacerbating the security crisis for Ticketmaster.
How can customers protect themselves?
Ticketmaster is offering affected customers twelve months of free identity monitoring services through TransUnion to monitor personal data on the dark web. The company has also implemented security measures, such as rotating passwords for affected accounts, reviewing access permissions, and enhancing alerting mechanisms. Customers are advised to monitor their accounts and credit reports for any suspicious activity and be cautious of phishing attempts. Despite the breach, Ticketmaster emphasizes that customer accounts were not directly affected.