Ticketfly, the California-based ticketing service owned by Eventbrite, hit the headlines in late May, 2018 for shutting itself down in a move to protect user data following a perceived “cyber incident.”
There’s no denying, this must have been tremendously inconvenient to eventgoers who, as part of the security breach, were treated to the message: “Your Security Down im Not Sorry,” in place of the usual login interface on the Ticketfly homepage.
Alongside this message was an image of the Guy Fawkes Anonymous and a Yandex email address belonging to the hacker; neither was of much help to the users.
The hacker had defaced the ticketing website with a picture of the V for Vendetta character plus a claim of responsibility that read: “Ticketfly HacKeD By IsHaKdZ.” This left the company with little choice but to take the site offline and throw itself into damage control.
Ticketfly went on to investigate the incident with the help of third-party forensic cybersecurity experts. The exact extent of the attack and the types of data that the hackers accessed remains yet to be established.
Reports emerged that the Eventbrite-owned ticketing company was supplying venues with lists of ticket buyers, who were required to carry their photo IDs and a printout of their tickets (for those who had the tickets) to the show(s).
The outage was, however, definitely going to present a more serious challenge to those who had bought tickets for an approaching show and didn’t already have the tickets.
The affected ticket buyers would have to sit tight; the company would give them more information as it became available.
Fast Forward To Date
The date is June 2, 2018 – Ticketfly just resumed its normal ticketing operations. Details emerge that the company has been the target of a malicious cyberattack that has led to the compromise of up to 27 million user accounts hosted on its servers.
This is the official communication from the company itself. It clears the air on the earlier reports going around speculating that about 26 million user accounts have been compromised from the Ticketfly attack.
The company, which handles ticket distribution for events like Riot Fest, Celebrate Brooklyn, and a series of venues across Canada and the US, has since confirmed that there was indeed a cyberattack that compromised some event venue and customer data.
It is relieved to confirm, however, that the breached data is limited to people’s names, email addresses, physical addresses, and phone numbers connected to the approximated 27 million Ticketfly accounts. More sensitive information including payment and login data such as credit card numbers and passwords were thankfully not part of the stolen data.
As part of the leak, the compromised names, email addresses, phone numbers, and home addresses were posted on a public server – with some reports indicating that the hacker intended to make public even more data should his demands fail to be met.
Too Early To Celebrate?
The question that now lingers in the minds of many is with regards to the nature of the data that is still in the hands of the hacker who has threatened to release this data to the public.
These threats cannot be taken lightly by any chance. There are reports indicating that the hacker had notified Ticketfly of a security fault ahead of the “cyber incident,” asking the company for a one bitcoin ransom in exchange for repairing the fault. Apparently, Ticketfly did not take the deal, leading to the eventual uploading of the data to the public server. The current value of one Bitcoin is $8,095.
Like any users involved in a major data breach, the primary fear for the victims in this Ticketfly data breach is the idea that the hackers could impersonate them in various instances of identity fraud or consider using their information to access their financial records.
This kind of fear may be unfounded as Troy Hunt, the guy who owns and runs the website named, Have I Been Pwned, feels that this breach is not as ominous as most, given the fact that the perpetrator apparently did not get his hands on people’s passwords or payment information.
The Have I Been Pwned website allows people to check whether their email addresses have been compromised in incidents of data breaches. If your info is included on a public server somewhere, you can find out at this site.
Right now, it remains to be seen whether the dark hours have passed for Ticketfly or if there are still enough vulnerabilities for the attacker to exploit. By now, there’s no doubt that Ticketfly has improved their security to ensure that all credit card information and user logins are stored in an encrypted database that is cordoned off.