Ticketfly got hacked, user data was leaked
Ticketfly, a ticket distribution service owned by event management and ticketing pioneer Eventbrite, appears to have been hacked.
The service’s site is showing a simple message saying that “Ticketfly has been the target of a cyber incident,” and that the company has taken all Ticketfly systems temporarily offline as they “continue to look into the issue.”
What happened?
Michael Villado was among the first ones to notice that something was amiss:
I sent an email yesterday reporting that the ticketfly website was hacked. All of the user data and site is completely downloadable. They need to come clean on the fact that your data was comprised and still is downloadable at this very moment! #ticketfly #cybercrime #wordpress pic.twitter.com/Ur0AsZpDij
— Michael Villado (@mvillado) May 31, 2018
The site was defaced on Thursday night, and showed a message from the hacker, a contact email address, and a threat to “publish database ‘backstage’.” In the meantime, the attacker offered links to a database apparently containing user data.
The hacker told CNet that he (or she) asked TicketFly to pay 1 bitcoin (around $7,500) for information about an exploitable vulnerability affecting their site. Whether they have or not is unknown.
The company has also yet to confirm which data was compromised (if any), but users are worried that their payment card data has been stolen.
“The Ticketfly cyberattack is one of the first major security incidents to occur in the post-GDPR world. While the company hasn’t confirmed a breach of customer data has occurred, at face value the hacker’s claim — that he/she managed to access their database via an unpatched vulnerability or misconfiguration — is well within the realm of possibility,” Netskope CEO Sanjay Beri commented for Help Net Security.
“We’ve seen this time and time again with organizations failing to properly secure their data, resulting in the exposure of massive datasets on the web. Now the real question is, if a breach did occur, did the database include any PII belonging to EU citizens? If the answer is yes, this situation could escalate quickly.”