Yesterday on May 31st, 2018, a popular Eventbrite’s ticket distribution online service Ticketfly was hacked into by IsHaKdZ. According to the motherboard.vice.com the hacker asked for 1BTC ($7549) but still has not received an answer from the company. What a horrible surprise for the service that is planning to celebrate its 10th birthday this year.
This Thursday instead of the usual Ticketfly’s main page, a screen with a distinctive Guy Fawkes mask and a message appeared saying that the page’s security is down and it has been hacked into. On the bottom of the message there was an email ([email protected]) of the crook behind the attack. As it was reported to the Motherboard.com hacker tried to talk with a company sending them a couple emails, talking about the found vulnerabilities, yet the company didn’t reply further.
Later, malware enthusiast Michael Villado shared the screenshots of the attack and the files list which seemed like a collected Ticketfly members’ information. Same day Eventbrite took down the Ticketfly’ services offline while figuring out how to solve the data breach and put the white message stating that the website is temporarily compromised.
Ticketfly has also added the FAQ where they posted the most important answers about the attack for the public. They stated that company is still investigating and isn’t sure when will they continue their services. For the users who bought the tickets to the upcoming events, Eventbrite suggests to print the copy of their ticket if they have one, and take the original buyer’s ID and the credit card used to purchase a ticket. If you are not the original buyer then the photocopies of the main buyer’s documents mentioned above together with the note authorizing you to pick the tickets.
Furthermore, Ticketfly’s support advice to follow the social media pages of the events and look for the real-time updates, and assured that the company will send the guest list to the venues. If they haven’t downloaded it themselves from the hacked websites, together with participant’s email addresses, phone numbers and Ticketfly’s employees’ data. It is not known if any tickets got stolen.
Ticketfly’s officials said:
The security of client and customer data is our top priority. We are working tirelessly, and in coordination with leading third-party forensic experts, to get our clients back up and running.
Since Ticketfly is still not accessible to the public this means that the company has still not yet resolved the issue. Hopefully, Eventbrite has a plan B or a sophisticated cyber security team, because it would be a shame to lose such profitable and expensive service that in 2017 company bought from Pandora for $200 million dollars.