Eventbrite-owned San Francisco, California based ticket distribution service Ticketfly’s website has been hacked and defaced – The company has acknowledged the hack through their official Twitter account.
The website was defaced by a hacker going with the online handle of “IsHaKdZ.” The hacker left a deface page along with a brief message stating that:
“Ticketfly HacKeD By IsHaKdZ. Your Security Down I’m Not Sorry. Next time I will publish database ‘backstage’ (sic).”
The hacker also uploaded links to files that contained personal information including names, residential addresses, email addresses and contact numbers of Ticketfly’s employees and acquaintances at different venues. Moreover, IsHaKdZ uploaded a picture of Guy Fawkes with the warning message and left a yandex.com email account.
Check the homepage. pic.twitter.com/KPDu6PsjIJ
— Michael Stenberg (@MichaelStenberg) May 31, 2018
The message reveals that the hacker gained access to database titled “backstage,” which stored information about clients from all the venues, promoters and festivals that uses Ticketfly to sell their event’s tickets.
Ticketfly confirmed on its support website that the attacker managed to obtain access to customer and client information. The company has affirmed that the hack attack affected various of its websites simultaneously including Lafayette Theatre, Brooklyn Bowl, and Pearl Street Warehouse.
On Thursday the events ticketing firm shut down its website and released the following statement:
“Following recent site issues, we determined that Ticketfly has been the target of a cyber-incident. To protect our clients and fans, and to secure the website and related data, we have temporarily taken all Ticketfly systems offline.”
The data hack apparently has impacted websites related to music venues, as the links appeared on the list of personal information links on the defacement message uploaded by the hacker.
Resultantly, users who had bought tickets through Ticketfly will be required to print them out and show a photo ID at the venue, where the event is being hosted. Moreover, venues will be required to provide printed guests lists.
Those who haven’t purchased tickets on their own would be needed to show the original payment card they had used while buying the ticket as well as original buyer’s ID copy and an authorization note from the original buyer.
Ticketfly is currently investigating the incident and using all of its resources to confirm the extent to which hackers managed to access its databases.
“Our investigation into the incident is ongoing. We’re putting all of our resources to confirm the extent of the unauthorized access. We’re committed to communicating with all customers once we have more information about the scope of the issue,” informed Ticketfly.
Users started noticing site defacement since yesterday, at around 9 p.m. PST. It seems like the hacker compromised webmaster of the company’s website since the defaced sites were having Ticketfly’s HTTPS certificate intact. Engineers at Ticketfly responded quickly and spent the entire night in dealing with the damages, and the company took everything offline.
The hacker initially demanded one bitcoin in exchange for revealing the vulnerability on Ticketfly’s system. Motherboard reports that IsHaKdZ tried to report the vulnerability to the vendor and asked for the said amount in return but did not receive any response from Ticketfly. Therefore, he decided to exploit it himself. It is also confirmed in the report that most of the stolen records are authentic.