Ticketfly back online after hack exposed 27M users
TICKETFLY was back up and running last Thursday, a week after a “malicious cyberattack” waylaid the concert and sporting-event ticketing website and exposed the data of “approximately 27 million” accounts, the company said in a statement on Thursday.
Users’ names, phone numbers, addresses and email addresses connected to the accounts were accessed in the hack, but financial information like credit and debit card numbers were not, according to Eventbrite, the San Francisco-based firm that owns Ticketfly.
During the past week, the company has slowly reintroduced various aspects of its website.
The breach occurred last Thursday, when a hacker using the handle IsHaKdZ replaced the website’s homepage with an image of the character V from the 2005 film V for Vendetta. The char- acter is a British anarchist who wears a Guy Fawkes mask and violently protests the fascist government in a fictional portrayal of Britain.
Under this image was the hacker’s email address and a message: “Your Security Down im Not Sorry. Next time I will publish database ‘backstage’.”
The breach caused headaches for venues across the country that primarily rely on digital ticketing.
“Due to the current Ticketfly outage, we ask that you please print your tickets if possible,” the 9:30 Club, a concert venue in Washington, DC, tweeted on Friday. “For those with will call tickets, please head to our box office. Tickets will be available at the door! Thank you for your patience.”
Space Gallery, an arts venue in Portland, Maine, had to sell tickets at the door for a concert by Chicago multiinstrumentalist Nnamdi Ogbonnaya.
The primary fear for users involved in any major data breach is the idea that a hacker could use their information to commit identity fraud or to access their financial institutions. Troy Hunt, who runs the Have I Been Pwned? website, told the Associated Press this breach is not as dire as some.
In a conversation with Mashable, the hacker claimed to have warned Ticketfly of a vulnerability on its website and requested a ransom to fix it.