Eventbrite-owned ticket distribution service Ticketfly has taken its website offline today after a hacker defaced its frontpage and stole a part of its customer database.
The hack has taken place late yesterday night (US timezones), on May 30. At that time, users trying to purchase tickets reported that the Ticketfly website was showing a defacement message with the now infamous "V for Vendetta" character, the symbol of the Anonymous hacker collective.
"Ticketfly HacKeD By IsHaKdZ," read the website, and "Your Security Down im Not Sorry."
User data briefly available online
Ticketfly admins did eventually discover the hack, but before they took down the defacement message and put the site in maintenance mode, a user also noticed that many CSV files containing user data were also freely accessible via one of the site's URLs.
I sent an email yesterday reporting that the ticketfly website was hacked. All of the user data and site is completely downloadable. They need to come clean on the fact that your data was comprised and still is downloadable at this very moment! #ticketfly #cybercrime #wordpress pic.twitter.com/Ur0AsZpDij
— Michael Villado (@mvillado) May 31, 2018
Since then, that URL has been taken down, and the data is not accessible anymore. Furthermore, Ticketfly replaced the original maintenance message with one admitting to the hack (image above).
"Following a series of recent issues with Ticketfly properties, we've determined that Ticketfly has been the target of a cyber incident," the message now available on Ticketfly's homepage reads.
"Out of an abundance of caution, we have taken all Ticketfly systems temporarily offline as we continue to look into the issue. We are working to bring our systems back online as soon as possible. Please check back later."
The site's abrupt downtime caused issues with bars and event organizers selling tickets through the Ticketfly service. Users can't buy tickets either, as all Ticketfly servers are now down.
There is a nationwide Ticketfly outage which effects our ability to sell tickets both online and at our box offices. We hope to be back up and running shortly. (5/31 9:21 am)
— Union Transfer (@UnionTransfer) May 31, 2018
Hacker asking for a 1 Bitcoin ransom
The hacker behind the Ticketfly defacement and database theft is named IsHaKdZ. Zone-H, a website that archives site defacements includes entries attributed to this nickname going back as far as 2010, albeit it is unclear if it's the same hacker or someone who is misusing an older pseudonym.
Looks like IsHakDz, aka ThE HaCkEr, has been doing defacements for a little while now. Guess Ticketfly didn't update their Wordpress website. @ticketfly #Ticketfly pic.twitter.com/HI7gIaVbjD
— VER1TAS (@THE_VER1TAS) May 31, 2018
IsHaKdZ also left an email address on the defaced website, but the hacker did not respond to a request for comment on the hack before this article's publication.
But the hacker did reply to a CNET reporter, revealing that he asked Ticketfly to pay a 1 Bitcoin ransom to not release the site's data online. Ticketfly did not confirm the ransom demand.
UPDATE [June 3, 05:15 ET]: TicketFly is still down. The company has published a page with more information. In the meantime, the size of the leaked data has been revealed to be of over 26 million user accounts.
Break down IAM silos like Bitpanda, KnowBe4, and PathAI
Broken IAM isn't just an IT problem - the impact ripples across your whole business.
This practical guide covers why traditional IAM practices fail to keep up with modern demands, examples of what "good" IAM looks like, and a simple checklist for building a scalable strategy.
Comments
sajidali27 - 7 years ago
I feel bad for the Venues and Bands that are using them. For example, Thievery Corporation posted on the Facebook event for my local venue to try to stir up some business. Seemingly unbeknownst to them, they are affected by this outage.