Hackers Compromised Ticketfly Website and Stole Customer Database

The website of Ticketfly, a ticket distribution service owned by Eventbrite was taken offline and after a hacker compromised the website.

The website was compromised by a hacker named ‘IsHaKdZ’ who defaced the front page and replaced it with the picture of ‘v for vendetta’ character and along with the following message:

“Ticketfly HacKeD By IsHaKdZ. Your Security Down im Not Sorry. Next time I will publish database ‘backstage’ (sic).”

The hacker also said he has access to a database named ‘backstage’ and shared files containing details of customers and employe which includes name, address, phone number and email address.

According to Motherboard the hacker initially tried to warn the company about a vulnerability in the website and asked for 1 bitcoin to disclose the vulnerability. As there was no response back from the company, he decided to take down the website.

“In an email conversation with Motherboard, the hacker claimed to have warned Ticketfly of a vulnerability that allowed him to take control of “all database” for Ticketfly and its website. The hacker said they asked for 1 bitcoin to share the details of the vulnerability but did not get a reply. The hacker shared what appears to be two emails between him and a series of Ticketfly employees in which the hacker mentions the vulnerability.” said in the post published by Motherboard.

The company said it is investigation issue with other third-party cybersecurity experts to find out the extent of the breach.

The company also said they have rolled out an alternate secure website for customers. For more details, you can visit here.

“We’re pleased to let you know that Ticketfly Backstage is coming back online. We’ve engaged leading third-party forensic and cybersecurity experts to investigate and help us address the issue, and have done this with your security top of mind. More specifically, Box Office, ticket purchasing, and scanning capabilities are now being made available again.”

 

Comments

ASHIQUE SAJJAD

Ashique is a self motivated and passionate security analyst with a good knowledge in computer networking, security analysis, vulnerability assessment and penetration testing

You May Also Like