24 hours after 'IsHaKdZ' downed Ticketfly.com, the ticketer continues to investigate the impact of the breach, which has left scores of US venues without websites
Sign up for IQ Index
The latest industry news to your inbox.
All Ticketfly services are back to normal, with 27m accounts now known to have been compromised – albeit containing only 32% unique customer data
By Jon Chapple on 07 Jun 2018
After resuming limited service on Monday, all Ticketfly services are back online.
After consulting with “third-party forensic cybersecurity experts”, the US ticket seller has confirmed earlier reports that approximately 27 million accounts were accessed in last week’s cyberattack , although – crucially – no credit or debit card information was stolen. However, personal information, including names, addresses, email addresses and phone numbers, connected to the ~27m accounts was compromised.
“Upon first learning about this incident we took swift action to secure the data of our clients and fans,” says a spokesperson for the Eventbrite-owned company. “We take privacy and security very seriously and regret any disruption this has caused. We’re extremely grateful for the patience and support of the Ticketfly community.”
All account information, including passwords, were automatically reset following the attack.
Interestingly, Australian cybersecurity expert Troy Hunt, of haveibeenpwned.com, reveals more than two thirds of the compromised information was already in the site’s database – indicating it had been stolen previously in a hack of another website.
— Have I Been Pwned (@haveibeenpwned) June 3, 2018
In the aftermath of the attack, several American promoters and venues were forced to postpone or migrate to another ticketing system last Friday’s onsales. A number of Ticketfly-powered websites were also downed along with Ticketfly.com.
The timing of the hack was especially sensitive, coming just a week after the implementation of the European General Data Protection Regulation (GDPR), which compels all companies – even those outside the EU, but which hold data on EU citizens – to ensure “an appropriate level of security” to protect data from theft or destruction.
The hacker, ‘IsHaKdZ’ – who claimed to have also obtained Ticketfly’s ‘backstage’ database, which is believed to contain client, rather than customer, information – has not yet resurfaced.
Get more stories like this in your inbox by signing up for IQ Index, IQ’s free email digest of essential live music industry news.