Ticketfly hack exposed details of 27 million accounts

Ticket sales platform Ticketfly has announced that a cyberattack which took place last week exposed information belonging to roughly 27 million accounts.

A company spokesperson said that payment card information was not accessed, but that account information such as names, phone numbers, and email and physical addresses had been compromised. The spokesperson said that although account passwords were believed to be safe, it is possible that the hashed values may have been accessed.

Your Security Down im Not Sorry. Next time I will publish database ‘backstage.’

– “ISHaKdZ”

Troy Hunt’s analysis of the CSV databases stolen, which the hacker shared with news source Motherboard, showed that 26,151,608 unique email addresses were involved in the breach.

Ticketfly’s websites were taken down when “site issues” led the company to believe that it had been the target of a cyberattack. The apparent perpetrator, a hacker going by “IShAkDz”, added images from the film “V for Vendetta” and the message “Ticketfly HacKeD By IsHaKdZ” to the website.

The hacker demanded to be paid 1 Bitcoin (worth between $7,349.52 and $7,608.87 on May 31, when the attack took place) to resolve the attack, and left a message reading: “Your Security Down im Not Sorry. Next time I will publish database ‘backstage.'”

IShAkDz claimed to have contacted Ticketfly about the potential exploit multiple times in the past, asking the same price for fixing it, with no response.

The company, which is owned by Eventbrite and sells around 60 million tickets per year, took nearly a week to get its websites back online.

“We take privacy and security very seriously and regret any disruption this has caused,” said a Ticketfly spokesperson. “We’re extremely grateful for the patience and support of the Ticketfly community.”

Researcher, writer, recovering medievalist. Currently particularly interested in the cybersecurity solutions market, cyber insurance/risk modelling, and IoT security.

Your thoughts