All Ticketfly services are back to normal, with 27m accounts now known to have been compromised – albeit containing only 32% unique customer data
By Jon Chapple on 07 Jun 2018
image © Ananya Jain
After resuming limited service on Monday, all Ticketfly services are back online.
After consulting with “third-party forensic cybersecurity experts”, the US ticket seller has confirmed earlier reports that approximately 27 million accounts were accessed in last week’s cyberattack, although – crucially – no credit or debit card information was stolen. However, personal information, including names, addresses, email addresses and phone numbers, connected to the ~27m accounts was compromised.
“Upon first learning about this incident we took swift action to secure the data of our clients and fans,” says a spokesperson for the Eventbrite-owned company. “We take privacy and security very seriously and regret any disruption this has caused. We’re extremely grateful for the patience and support of the Ticketfly community.”
All account information, including passwords, was automatically reset following the attack.
Interestingly, Australian cybersecurity expert Troy Hunt, of haveibeenpwned.com, reveals more than two thirds of the compromised information was already in the site’s database – indicating it had been stolen previously in a hack of another website.
New breach: Ticketfly had 26M records posted publicly including email and physical addresses, names and phone numbers. 68% were already in @haveibeenpwned. Read more: https://t.co/Y710fLhjyt
— Have I Been Pwned (@haveibeenpwned) June 3, 2018
In the aftermath of the attack, several American promoters and venues were forced to postpone last Friday’s onsales or migrate them to another ticketing system. A number of Ticketfly-powered websites were also downed along with Ticketfly.com.
The timing of the hack was especially sensitive, coming just a week after the implementation of the European General Data Protection Regulation (GDPR), which compels all companies – even those outside the EU, but which hold data on EU citizens – to ensure “an appropriate level of security” to protect data from theft or destruction.
The hacker, ‘IsHaKdZ’ – who claimed to have also obtained Ticketfly’s ‘backstage’ database, which is believed to contain client, rather than customer, information – has not yet resurfaced.