Cyber Threat Actor: Ticketmaster
| Actor Type | Location | Known Incidents |
Competitor
|
United States of America
|
1 incident |
|---|
Profile
Stephen Mead, also referenced under the alias Ticketmaster in public reporting, is an individual based in the United States who came to attention for his role in an insider‑threat scheme that involved the unauthorized use of former employer credentials to access a competitor’s systems. He was employed by CrowdSurge before that company was acquired by SongKick and subsequently hired by Live Nation, the parent company of Ticketmaster, in 2013. Mead’s actions were carried out while he held positions within Ticketmaster’s Artist Services division, eventually rising to Director of Client Relations in 2015. The threat actor is therefore characterized as an insider with legitimate access to corporate resources who abused that access for competitive gain.
The targeting observed in the documented activity was confined to the ticketing and live‑event sector, specifically aiming at CrowdSurge, a direct competitor of Ticketmaster in the United States. The strategic objective, as stated in court documents and prosecutorial remarks, was to obtain a financial and market advantage by “choking off” the rival business, stealing back signature clients, and cutting the competitor off at the knees through the poaching of presale ticketing contracts. No explicit mention of espionage, disruption, or ideological motives appears in the source material; the conduct is framed purely as a pursuit of commercial benefit. The notable tactics, techniques, and procedures described involve the use of stolen credentials—specifically the passwords of a former CrowdSurge employee—to gain unauthorized access to confidential ticketing web pages and financial documents. Mead shared those credentials with Ticketmaster executives, who then used them to access the victim’s computers during a division‑wide summit. The actor’s tooling style consisted of maintaining spreadsheets that cataloged compromised ticketing web pages and convening internal meetings to discuss how to exploit the gathered intelligence, rather than deploying malware or custom exploit frameworks.
Attribution to a state sponsor or a criminal consortium is not evident in the publicly available information; Mead’s affiliation is limited to his employment relationships with CrowdSurge, SongKick, Live Nation, and Ticketmaster. The significant publicly reported operation associated with this threat actor is the Ticketmaster‑CrowdSurge incident that unfolded between November 2013 and early 2015, culminating in a $10 million criminal fine, the termination of Mead and his co‑conspirator Zeeshan Zaidi in 2017, and mandated compliance programs to prevent future violations of the Computer Fraud and Abuse Act. This case remains the primary example of his activity in open‑source reporting.
