Ticketfly takes its websites offline as it scrambles to recover from hack
Events ticketing company Ticketfly has been compromised by a digital attack, according to an announcement today on Twitter. “Following recent site issues,” the statement reads, “we determined that Ticketfly has been the target of a cyber incident. To protect our clients and fans, and to secure the website and related data, we have temporarily taken all Ticketfly systems offline.”
Billboard says users began noticing site defacement yesterday around 9PM PST. The hacker, who called themselves IsHaKdZ, replaced Ticketfly’s website with a picture of Guy Fawkes and a warning that read “Your Security Down im Not Sorry.” The hacker also left a yandex.com email account and cautioned that they had access to a database titled “backstage,” which holds client information for all of the venues, promoters, and festivals that utilize Ticketfly’s services.
The hacker appears to have compromised Ticketfly’s webmaster, as the defaced sites are served with Ticketfly’s HTTPS certificate intact. The hack also affected a number of Ticketfly’s sites simultaneously — including Brooklyn Bowl, Pearl Street Warehouse, and Lafayette Theater — which may have served through the same system.
Billboard says engineers were up all night dealing with the damage, and the company has taken everything offline while it continues to investigate.
Personal data appears to have been compromised. Motherboard reports it had an email conversation with the hacker, who asked for one bitcoin in exchange for details on Ticketfly’s vulnerability. While the hacker did not respond to this, they pointed toward a server that held allegedly hacked files, including several CSVs with names, home and email addresses, and phone numbers of employees at music venues. The validity of this information has yet to be determined.
The Verge reached out to Ticketfly for a statement on the hack. A spokesperson for the company reiterated it was the target of a cyber incident, but was unable to comment on whether anyone’s personal information was breached, saying, “The security of client and customer data is our top priority. We are working tirelessly, and in coordination with leading third-party forensic experts, to get our clients back up and running.”
Following recent site issues, we determined that Ticketfly has been the target of a cyber incident. To protect our clients and fans, and to secure the website and related data, we have temporarily taken all Ticketfly systems offline. We’ll keep you updated.— Ticketfly Support (@FlySupport) May 31, 2018