Posted on June 2, 2018 at 10:54 AM
In a recent hack, the attacker briefly took control of the website belonging to a popular ticket-selling company, Ticketfly. Following the attack, the website went offline, which was the work of the company itself, according to reports.
The hack of Ticketfly
According to recent reports, a website belonging to Ticketfly went offline after it was hacked by an individual called IsHaKdZ. While being in control of the website, the attacker posted a picture of the main character of the movie “V for Vendetta”, while also posting a tweet that says “Your Security Down I’m Not Sorry”. The attacker also added that they are in possession of Ticketfly’s database.
Check the homepage. pic.twitter.com/KPDu6PsjIJ
— Michael Stenberg (@MichaelStenberg) May 31, 2018
After the incident, the company’s website went offline, which was the work of the company itself. They stated on Thursday that the website was a target of a hacking attack, which has forced the company to temporarily disable the systems, while the attack is being investigated. According to their spokeswoman, they understand the possible consequences of the decision, but they still decided to go along with it, since the customers’ privacy and security is their top priority.
Following recent site issues, we determined that Ticketfly has been the target of a cyber incident. To protect our clients and fans, and to secure the website and related data, we have temporarily taken all Ticketfly systems offline. We’ll keep you updated.
— Ticketfly (@ticketfly) May 31, 2018
Ticketfly is currently owned by Eventbrite, which purchased it in 2017 from Pandora. Pandora has been in possession of Ticketfly for 2 years, following their own purchase of it back in 2015. So far, Ticketfly has been doing pretty good, and Eventbrite has even stated on one occasion that Ticketfly is sending over 60 million tickets per year.
The attacker contacted Ticketfly before
According to the statement from the attacker, it would seem that he or she attempted to contact the company several times prior to the attack. They have sent multiple emails warning the company about an existing exploit and offered to fix it in return for 1 Bitcoin (BTC). The emails went unanswered, which is why the attacker decided to prove their point and hack the website.
The attacker also claims to be in possession of the Ticketfly’s database, which they have threatened to expose. So far, Ticketfly has not mentioned any contact with the attacker, nor have they included the attacker in any part of their statement at all. They have also not commented about having their data stolen.
The hacker has already released several CSV spreadsheets which include details of Ticketfly’s customers and employees alike. The information includes names, email addresses, home addresses, as well as phone numbers. The validity of the released documents has yet to be confirmed, but it was noted that several names and other pieces of information are, in fact, a match to the data regarding some of the company’s employees.
With this in mind, it might be possible that the data is indeed legitimate, which would mean that Ticketfly might have a bigger problem than it was originally believed. This is yet another company that was recently hit by a cyber attack due to various vulnerabilities, and the “trend” does not show any signs of stopping anytime soon. Because of this, the companies are advised to improve their security and avoid being the next in the long line of cyber-victims.