The notorious hacker group ShinyHunters is back in the news after claiming responsibility for separate high-profile breaches of Ticketmaster and Santander Bank. The theft and attempted sales of sensitive customer data illustrates the incentives that guide financially motivated adversary campaigns. Both breaches also exemplify the reputational damages inflicted on companies that are compromised by cybercriminals, in addition to monetary losses.

I.T. security leaders can leverage resources such as the Cybersecurity Cheat Sheet to find and fix gaps in their defense posture and reduce their risk of data breaches.

Ticketmaster compromise

ShinyHunters claims to have stolen the data of 560 million Ticketmaster customers, including account details and credit card numbers. The pilfered information was listed for sale for $500,000 on BreachForums, a dark web marketplace previously taken down by law enforcement (This Help Net Security article covers the impact of that operation.) It is significant that BreachForums is back and appears to be managed by ShinyHunters.

Santander Bank breach

Confidential data from 30 million Santander Bank customers in Chile, Spain and Uruguay was allegedly stolen by ShinyHunters. Two weeks after the bank first reported a data breach, the stolen information was observed for sale for $2 million, also on BreachForums. According to a BBC report, it claims to include:

  • 30 million people’s bank account details
  • 6 million account numbers and balances
  • 28 million credit card numbers
  • Human Resources records about bank personnel

What you should do

As both companies scramble to contain their respective compromises, the situation calls for customers to exercise increased vigilance.

  • Use caution: Be wary of suspicious emails, calls, or texts claiming to be from Ticketmaster or Santander Bank. Don’t click on any links or attachments unless you’re absolutely sure they’re legitimate.
  • Monitor your accounts: Keep a close eye on your bank statements and credit card activity for any unauthorized charges.
  • Consider a freeze: Contact your bank or credit card issuer to discuss a temporary freeze on your accounts. This can prevent unauthorized transactions while you monitor the situation.
  • Change passwords: If you use the same password for Ticketmaster or Santander Bank and other accounts, change them immediately. Use a strong, unique password for each online service.


Fallout from both breaches is far from over. Both companies could face lawsuits and long-term reputational damage, and many questions remain. Some researchers, according to a report by The Record, believe a vulnerability within the products of Snowflake, a cloud computing company, could have been how the breaches of Ticketmaster and Santander originated. Snowflake denies fault.

It is also important to take cybercriminal claims with a grain of salt. Many of the details ShinyHunters is boasting are unconfirmed. Some analysts suspect the goal of these breaches is to restore group’s credibility after its site was taken down by law enforcement.

Ticketmaster and Santander Bank are massive multinational corporations. But small-to-medium enterprises with lean I.T. security teams must prepare for similar cyberattacks. Cynet’s All-in-One Cybersecurity Platform is purpose-built to them fight back. It’s affordable, easy to use and backed by 24/7 expert support from CyOps, Cynet’s built-in MDR service, to monitor your environment, accelerate incident response or simply answer your questions. You can sign up for a demo to see Cynet in action.