The hacker defaced the Ticketfly website with a picture of Guy Fawkes and a warning that read “Your Security Down im Not Sorry.” The attacker also published a yandex.com email account along with the following message:
“Ticketfly HacKeD By IsHaKdZ. Your Security Down im Not Sorry. Next time I will publish database ‘backstage’ (sic).”
The hacker also warned administrators that it has access to a database titled “backstage,” he shared links to files containing customer and client information, including names, physical addresses, phone numbers and email addresses.
Ticketfly, which is owned by Eventbrite, has taken down the site in response to the incident and posted a data breach notification.
“We are currently investigating a cybersecurity incident targeting Ticketfly.com that has resulted in the compromise of some client and customer information. After learning of the incident, we immediately launched an investigation, and out of an abundance of caution, we took the site down while we work to address the issue.” reads the data breach notification published by the company,
“Out of an abundance of caution, we have taken all Ticketfly systems temporarily offline as we continue to look into the issue. We are working to bring our systems back online as soon as possible,”
— Troy Hunt (@troyhunt) May 31, 2018
Everyone has purchased tickets via the Ticketfly platform will have to print them out and bring a photo ID to the venue hosting the event. Tiketfly provides printed guest lists to the venue.
People who have tickets purchased by other people may need to show the original payment card used to buy the ticket, a copy of the original buyer’s ID, and an authorization note from the original buyer.
Motherboard has spoken with the hacker who confirmed that initially attempted to contact the company to report a vulnerability in the website but without success. He asked for the payment of 1 bitcoin di disclose the issue, but without receiving reply he decided to exploit the flaw.
Motherboard confirmed the authenticity at least some of the records stored in the files leaked by the hacker.
“In an email conversation with Motherboard, the hacker claimed to have warned Ticketfly of a vulnerability that allowed him to take control of “all database” for Ticketfly and its website.” wrote Lorenzo Bicchierai on Motherboard. “The hacker said they asked for 1 bitcoin to share the details of the vulnerability but did not get a reply. The hacker shared what appears to be two emails between him and a series of Ticketfly employees in which the hacker mentions the vulnerability.”
The company confirmed that is still investigating the issue in order to determine the extent of the security breach.
“Our investigation into the incident is ongoing. We’re putting all of our resources to confirm the extent of the unauthorized access. We’re committed to communicating with all customers once we have more information about the scope of the issue,” Ticketfly told customers.” continues the notification.
(Security Affairs – Ticketfly, data breach)