Some of Ticketfly’s services were back online Tuesday after a “cyber incident” waylaid the popular concert and sporting event ticketing website last Thursday.
Still, much of the website remains down. Eventbrite, the San Francisco-based company that owns Ticketfly, told The Washington Post in a statement that an investigation into the breach is ongoing, but it confirmed that “some customer information has been compromised as part of the incident, including names, addresses, emails, and phone numbers of Ticketfly fans.”
“We understand the importance our customers place on the privacy and security of their data and we deeply regret any unauthorized access to it,” the statement added. “This is an ongoing investigation and we will continue to provide updates as appropriate.”
“Have I Been Pwned,” an independent website that tracks data breaches, reported that the hack affected more than 26 million users. Eventbrite could not confirm this number.
Most Read Business Stories
- Amazon grabs large downtown Bellevue property next to transit hub
- Largest e-recycling fraud in U.S. history sends owners of Kent firm to prison
- Boeing CEO denies any ‘technical slip’ in 737 MAX crashes, as grounding cuts into profit and cash reserves
- Peek inside the Hunts Point mansion, famous for huge art collection, that sold for record $37.5 million WATCH
- Billionaires are worried about capitalism — they should look in a mirror | Jon Talton
“Our investigation into the incident is ongoing, and it’s critical that the information we share is accurate,” a spokeswoman told The Post. “We are actively working with a team of forensic and cybersecurity experts. Cyber incidents are unique, and the investigations typically take time.”
The breach occurred last Thursday, when a hacker using the nom de plume IsHaKdZ replaced the website’s homepage with an image of the character V from the 2005 film “V for Vendetta.” The character is a British anarchist who wears a Guy Fawkes mask and violently protests the fascist government in a fictional portrayal of Britain.
Under this image was the hacker’s email address and a message: “Your Security Down im Not Sorry. Next time I will publish database ‘backstage.'(sic)”
The breach caused headaches for venues around the country that primarily rely on digital ticketing.
“Due to the current Ticketfly outage, we ask that you please print your tickets if possible. For those with will call tickets, please head to our box office. Tickets will be available at the door! Thank you for your patience,” tweeted the 9:30 Club, a popular concert venue in Washington, D.C.
The Space Gallery, an arts venue in Portland, Maine, had resorted to selling tickets at the door for a concert by Chicago multi-instrumentalist Nnamdi Ogbonnaya.
The primary fear for users involved in any major data breach is the idea that a hacker could use their information to commit identity fraud or to access their financial institutions. Troy Hunt, who runs the “Have I Been Pwned” website, told the Associated Press that this breach isn’t as dire as some because IsHaKdZ did not take passwords.
In a conversation with Mashable, the hacker claimed to have warned Ticketfly of a vulnerability on its website and requested a ransom to fix it.
“(Yes) i asked them 1 bitcoin for protection. But I did not receive a reply from them (sic),” the hacker told Mashable. The hacker also shared a large directory of spreadsheet files that seemed to contain personal data for Ticketfly customers and employees with the media outlet. Mashable said it confirmed that some of this data was authentic.