x

The latest industry news to your inbox.


I'd like to hear about marketing opportunities

    

I accept IQ Magazine's Terms and Conditions and Privacy Policy

Alleged Ticketmaster data breach investigated

Australia’s department of home affairs is investigating the alleged theft of the personal details of 560 million Ticketmaster customers by hackers.

The notorious ShinyHunters hacking group is reportedly demanding a US$500,000 (€462,000) ransom payment for the 1.3 TB of stolen data, which is said to include partial credit card details, customer names, addresses and emails.

A department of home affairs spokesperson says it is “working with Ticketmaster to understand the incident”, while the FBI has offered assistance to Australian authorities.

VX-Underground, which describes itself as the largest collection of malware source code, samples and papers on the internet, claims the hack was carried out in April.

Citing “multiple individuals privy to and involved in the alleged Ticketmaster breach”, it tweets: “An unidentified Threat Group was able to get access to Ticketmaster AWS instances by pivoting from a Managed Service Provider.

“We can assert with a high degree of confidence the data is legitimate”

“The Ticketmaster breach was not performed by ShinyHunters group. ShinyHunters is the individual and/or group which posted the auction of the data, they are acting as a proxy for the threat group responsible for the compromise.

“Based on data provided to us by the threat group responsible for the compromise, we can assert with a high degree of confidence the data is legitimate. Date ranges in the database appear to go as far back as 2011. However, some dates show information from the mid-2000s.”

It adds: “The data provided to us, even as a ‘sample’, was absurdly large and made it difficult to review in depth.”

Security researcher Kevin Beaumont tells the BBC: “If Ticketmaster has had a breach of this scale it is important they inform customers but it is important to also consider that sometimes criminal hackers make false or inflated claims about data breaches – so people should not be overly concerned until a breach is confirmed.”

Ticketmaster has been approached for comment on the matter, but is yet to release a statement.

 


Get more stories like this in your inbox by signing up for IQ Index, IQ’s free email digest of essential live music industry news.

Ticketmaster UK fined for 2018 data breach

The UK’s Information Commissioner’s Office (ICO) has fined Ticketmaster £1.25 million over a data breach that compromised the payment information of an estimated 9.4m customers in Europe, including 1.5m in the UK.

Concluding its investigation of a 2018 cyberattack which targeted Ticketmaster, TicketWeb and Get Me In! websites through a third-party customer support plug-in, the ICO found that Ticketmaster UK Ltd violated GDPR by failing to put in place “appropriate security measures” to protect its customers’ data.

ICO investigators found that, as a direct result of the Ticketmaster breach, 60,000 payment cards belonging to Barclays Bank customers had been subjected to known fraud. Another 6,000 cards were replaced by Monzo Bank after it suspected fraudulent use.

James Dipple-Johnstone, ICO deputy commissioner, says Ticketmaster failed to assess the risks of including the third-party product, a chatbot developed by Inbenta Technologies, on its payment page, as well implement appropriate security measures to negate those risks.

“Looking after their customers’ personal details safely should be at the top of organisations’ agenda”

The company also failed to identify the source of the fraudulent activity in a timely manner, having taken nine weeks from first being alerted to possible fraud (in February 2018) to finally monitoring the network traffic through its online payment page, according to the ICO.

“When customers handed over their personal details, they expected Ticketmaster to look after them,” says Dipple-Johnstone (pictured). “But they did not. Ticketmaster should have done more to reduce the risk of a cyberattack. Its failure to do so meant that millions of people in the UK and Europe were exposed to potential fraud.

“The £1.25 million fine we’ve issued today will send a message to other organisations that looking after their customers’ personal details safely should be at the top of their agenda.”

The Ibenta bot was removed from Ticketmaster’s websites in June 2018.

 


Get more stories like this in your inbox by signing up for IQ Index, IQ’s free email digest of essential live music industry news.

Hackers target livestreamed IPO fundraiser

The disruption of an Israel Philharmonic Orchestra (IPO) virtual concert and fundraising gala last weekend was caused by a cyberattack, the orchestra has confirmed.

The attack – the first outage of a major livestreamed show since the format took off amid the coronavirus pandemic – crashed the websites of the IPO and its broadcast partner, Medici.tv, during the stream on Sunday 28 June.

More than 13,000 people had registered to view the hour-long event, hosted by Dame Helen Mirren, which aimed to help the orchestra overcome financial losses as a result of Covid-19.

No group has claimed responsibility for hacking the stream.

“Hackers were determined to silence our message and stamp out our voice, but they will not succeed”

“We were thrilled that so many had registered to join us for this event, giving us the opportunity to bring the healing power of music to people who need it at this difficult time,” comments Tali Gottlieb, executive director of the IPO Foundation.

“Our organisation had high hopes that this event would help us raise emergency funds to support the members of the Israel Philharmonic in the face of an unprecedented financial crisis.”

Danielle Ames Spivak, executive director of American Friends of the Israel Philharmonic Orchestra, which helped organise the event, adds: “Hackers were determined to silence our message and stamp out our voice, but they will not succeed. More than ever, we are determined to spread the Israel Philharmonic’s message of hope, peace, and beauty around the world.”

 


Get more stories like this in your inbox by signing up for IQ Index, IQ’s free email digest of essential live music industry news.

Man jailed for Hellfest cyberattack

A computer scientist has been sentenced to a month in prison for hacking into the onsale for French metal festival Hellfest.

On 9 October, the man took the festival’s ticketing servers offline by sending 46,000 simultaneous connections to its Weezevent-powered box office, a court in Bobigny, Paris, heard. The man works in cybersecurity and is part of a group of hackers, but had no previous criminal convictions, according to 20 Minutes.

Found guilty of “fraudulent [activities] in an automated data-processing system”, the man was fined, in addition to the one-month jail term. The prosecution had pushed for a three-month suspended sentence.

The hacker told he wanted to buy tickets for Hellfest 2020 without “having to queue”

While the hacker reportedly told police that he wanted to buy tickets for Hellfest 2020 without “having to queue”, festival director Ben Berbaud tells Ouest-France the man did not buy a single pass. (During the half-hour cyberattack, all other buyers were presented with an error page.)

Even with the downtime, the festival sold out all 55,000 three-day passes in an hour and a half.

Hellfest 2020, the 15th edition of the event, takes place 19–31 June 2020. Hellfest 2019 performers included Kiss, Tool, Manowar, Def Leppard, Lynyrd Skynyrd, Whitesnake and Slayer.

 


Get more stories like this in your inbox by signing up for IQ Index, IQ’s free email digest of essential live music industry news.

Eventbrite faces lawsuit in fallout from shares drop

Eventbrite shareholders are taking a class action lawsuit against the ticketing and events company, alleging they were misled at the time of the company’s initial public offering (IPO) in September 2018.

International securities and consumer rights litigation firm Scott+Scott Attorneys at Law LLP filed the lawsuit on behalf of claimants who purchased Eventbrite stock in the company’s IPO at US$23 a share.

The lawsuit alleges that Eventbrite misled potential buyers in its IPO registration statement, declaring that the acquisition of ticketing platform Ticketfly “had a positive impact” on net revenue growth” in the third quarter of 2017.

The claimants also state that the company failed to disclose that, at the time of IPO, the Ticketfly migration was progressing more slowly than stated, therefore delaying integration and negatively impacting growth.

Eventbrite shares have dropped more than 50%, from over $32 to almost $16, in the past three months.

The lawsuit alleges that Eventbrite misled potential buyers in its IPO registration statement

Shares first declined on 7 March 2019, upon the release of Eventbrite’s annual financial results and the admission that the Ticketfly integration “will impact revenues in the short-term”. Shares then dropped further, to $17, in May following a weaker-than-expected financial start to 2019.

At the end of May, Eventbrite Music president and Ticketfly co-founder Andrew Dreskin stepped down from his role to transition to an advisory position.

The company’s shares remain down at $15.74, at the time of publishing (6 June).

Eventbrite declined to comment.

The lawsuit is not the first that Eventbrite has faced in relation to Ticketfly. Claimants attempted to sue the company following a Ticketfly hack in May 2018, alleging that “lax cybersecurity procedures” allowed hackers to gain access to 27 million customers’ personal data.

An Illinois judge dismissed the case earlier this week. The claimants have until 9 June to file an amended complaint.

 


Get more stories like this in your inbox by signing up for IQ Index, IQ’s free email digest of essential live music industry news.

64,000 Tomorrowland-goers compromised in data breach

The personal data of tens of thousands of attendees of Tomorrowland 2014 has been compromised in a suspected cyberattack, the festival has confirmed.

Personal information of 64,000 people who bought tickets through Paylogic, including names, email addresses and postcodes, may have been stolen after hackers gained access to an old festival database, although sensitive data such as payment information was not affected, according to Tomorrowland press coordinator Debby Wilmsen

Speaking to Flemish-language daily De Standaard, Wilmsen says the Belgian festival, one of the world’s largest electronic dance music (EDM) events, reported the breach to the Dutch Data Protection Authority before contacting customers.

“The managers of the Paylogic ticketing system noticed some unusual activity on an older system,” she explains. “After careful analysis, it appeared that an old database from Tomorrowland 2014 was responsible. The server in question was immediately taken offline.”

“An old database from Tomorrowland 2014 was responsible. The server in question was immediately taken offline”

“When we were informed about this by Paylogic, we first informed the Data Protection Authority. We then decided to send an email to all affected visitors to inform them.”

The data that was compromised, she adds, “only contains [visitors’] names, email address, gender, age and postal code. The payment details, passwords and addresses of the users are not included.”

News of the Paylogic breach follows similar hacks of other ticketing systems, including Ticketmaster and, more seriously, Eventbrite’s Ticketfly, both this summer.

In a statement, Paylogic (now owned by France’s Vivendi) says it has “taken all necessary actions” to prevent access to other old databases. “We also continue to invest in the security of our system,” it adds. “This incident only affects Tomorrowland 2014 and not our other customers.”

 


Get more stories like this in your inbox by signing up for IQ Index, IQ’s free email digest of essential live music industry news.

Ticketmaster hack “the tip of the iceberg”

The recent Ticketmaster data breach formed part of a “massive digital credit card-skimming campaign” that affected more than 800 other websites, according to a leading cyber-security company.

The breach, announced in late June, involved malicious software on a customer-support product hosted by a third-party supplier, Inbenta Technologies, that ran on Ticketmaster International, Ticketmaster UK, Get Me In! and TicketWeb websites. Those potentially affected are British customers who bought or attempted to buy tickets between February and 23 June 2018, and international customers who used the service between September 2017 and 23 June 2018.

While the hack was initially thought to be an isolated incident, a new report by security firm RiskIQ, Inside and Beyond Ticketmaster: The Many Breaches of Magecart, reveals the compromised Ibenta plug-in also ran on hundreds of other websites, including “many of the most frequented ecommerce sites in the world”.

According to RiskIQ, the attack was undertaken by a hacking group, Magecart, who placed a “digital skimmer” – an internet version of the physical ‘skimmers’ hidden in credit-card readers in shops and cash machines – on the Ticketmaster sites via Ibenta.

In addition to the Ibenta Technologies software, the RiskIQ report continues, Magecart injected its skimmer into another third-party supplier, SociaPlus, which is running on other Ticketmaster websites, including Ticketmaster Germany and Ticketmaster Australia.

Also affected is a third supplier, known as PushAssist, which provides analytics for websites, says RiskIQ.

“The Magecart problem extends to ecommerce sites well beyond Ticketmaster, and we believe it’s cause for far greater concern”

Describing the Ticketmaster incident as “the tip of the iceberg, the report’s authors, Yonathan Klijnsma and Jordan Herman, say: “The Ticketmaster incident received quite a lot of publicity and attention, but the Magecart problem extends to ecommerce sites well beyond Ticketmaster, and we believe it’s cause for far greater concern. We’ve identified over 800 victim websites from Magecart’s main campaigns, making it likely bigger than any other credit card breach to date. In the case of a single, highly targeted campaign we dubbed SERVERSIDE, we identified nearly 100 top-tier victims, mainly online shops of some of the largest brands in the world.

“Even more disturbing, the Ticketmaster breach demonstrates that the Magecart actors are continuing to refine their techniques and get better at target selection. Previously, they compromised individual websites and added new Javascript or links to remote Javascript files, but they seem to have [got] smarter – rather than go after websites, they’ve figured out that it’s easier to compromise third-party suppliers of scripts and add their skimmer. In some cases, compromising one of these suppliers gives them nearly 10,000 victims instantly.

“Currently, the publicly reported breaches are wrongly interpreted and sometimes aren’t breaches at all. They’re all part of the operation of Magecart, a single group that many reports fail to identify, which is spreading faster and wider than ever before.”

RiskIQ first identified the existence of Magecart – which has previously compromised the websites of publisher Faber and Faber and fashion brands Guess and Rebecca Minkoff – in October 2016.

 


Get more stories like this in your inbox by signing up for IQ Index, IQ’s free email digest of essential live music industry news.

Ticketmaster customer info compromised after data breach

Ticketmaster customers have been warned that they could be at risk of identity theft after the company yesterday confirmed that data had been compromised after an extensive data breach. The breach involved a malicious software on a customer support product hosted by an external third party supplier, Inbenta Technologies.

The product ran on Ticketmaster International, Ticketmaster UK, Get Me In and TicketWeb websites. Those potentially affected are UK customers who bought or attempted to buy tickets between February and 23 June 2018 and international customers who used the service between September 2017 and 23 June. Those thought to be affected have been notified.

Ticketmaster is advising those affected to change their passwords on their next sign in and monitor their account statements for evidence of fraudulent activity. Impacted customers are also being offered a free 12 month identity monitoring service with a leading provider. On a dedicated website set up to addressing the questions of those affected, Ticketmaster says it is working with relevant authorities, credit card companies and banks, as well as forensic teams and security experts.

Ticketmaster serves over 230 million customers worldwide each year, though it believes less than 5% have been affected by the breach.

The Guardian is reporting that a number of Ticketmaster customers have already experienced fraudulent activity on their accounts. According to the newspaper, people have identified unauthorised transfers using the service Xendpay and unauthorised purchasing of Uber gift cards and payments to Netflix.

The news of this data breach is the second event of its kind involving a ticketing company in recent weeks. Earlier this month, leading US ticketing platform Ticketfly was involved in a cyber attack which led to the data from 27 million accounts being compromised. Ticketmaster serves over 230 million customers worldwide each year, though it believes less than 5% have been affected by the breach.

Both events are particularly timely, coming just a month after the adoption of the new European General Data Protection Regulation (GDPR) on 25 May. GDPR requires all companies, even outside of the EU to ensure that data belonging to European citizens be treated with “an appropriate level of security”.

 


Get more stories like this in your inbox by signing up for IQ Index, IQ’s free email digest of essential live music industry news.

Ticketfly back online, confirms 27m accounts compromised

After resuming limited service on Monday, all Ticketfly services are back online.

After consulting with “third-party forensic cybersecurity experts”, the US ticket seller has confirmed earlier reports that approximately 27 million accounts were accessed in last week’s cyberattack , although – crucially – no credit or debit card information was stolen. However, personal information, including names, addresses, email addresses and phone numbers, connected to the ~27m accounts was compromised.

“Upon first learning about this incident we took swift action to secure the data of our clients and fans,” says a spokesperson for the Eventbrite-owned company. “We take privacy and security very seriously and regret any disruption this has caused. We’re extremely grateful for the patience and support of the Ticketfly community.”

All account information, including passwords, were automatically reset following the attack.

Interestingly, Australian cybersecurity expert Troy Hunt, of haveibeenpwned.com, reveals more than two thirds of the compromised information was already in the site’s database – indicating it had been stolen previously in a hack of another website.

In the aftermath of the attack, several American promoters and venues were forced to postpone or migrate to another ticketing system last Friday’s onsales. A number of Ticketfly-powered websites were also downed along with Ticketfly.com.

The timing of the hack was especially sensitive, coming just a week after the implementation of the European General Data Protection Regulation (GDPR), which compels all companies – even those outside the EU, but which hold data on EU citizens – to ensure “an appropriate level of security” to protect data from theft or destruction.

The hacker, ‘IsHaKdZ’ – who claimed to have also obtained Ticketfly’s ‘backstage’ database, which is believed to contain client, rather than customer, information – has not yet resurfaced.

 


Get more stories like this in your inbox by signing up for IQ Index, IQ’s free email digest of essential live music industry news.

Ticketfly resumes limited service

Ticketfly clients will once again be able to access and manage their accounts as the leading US ticketing company resumes a limited online service after last week’s cyber incident. Access to Ticketfly Backstage will be reinstated, meaning Box Office, ticket purchasing and scanning capabilities will be available.

This announcement comes with the news that Ticketfly.com and the Ticketfly iOS app, among other services, will remain offline as investigations continue. Reports from the Associated Press suggest the data breach could have affected up to 26 million user accounts, however the exact extent remains unknown.

After onsales took a hit on Friday, Ticketfly have worked around the clock to get the core of its platform back up and running again. In a statement regarding the attack, Ticketfly said: “It’s critical that the information we share with you is accurate and backed by certainty.

“The reality is cyber incidents are unique, and the investigations typically take more time than one would like because the full picture of what happened isn’t always quick to develop.”

Last week’s incident saw the Ticketfly.com website crashed by hacker(s) ‘IsHaKdZ’, who threatened to publish the website’s database. After this incident, Ticketfly made the decision to take the entirety of its service down, in the interest of client and customer safety.

“We assure you we are taking this very seriously and are committed to providing updates as appropriate.”

Though investigators aren’t sure at present the scale of the data breach, Ticketfly have said that names, addresses, emails and phone numbers of Ticketfly fans have been targeted. After the recent implementation of the European General Data Protection Regulation (GDPR), which requires all companies, even outside of the EU, to ensure an “an appropriate level of security” with data belonging to Europeans, this is a delicate situation.

On the data breach, Ticketfly has said: “We understand the importance you place on the privacy and security of your data and we deeply regret any unauthorised access to it.

“We assure you we are taking this very seriously and are committed to providing updates as appropriate.”

In the interim, users of the service are being asking to log into their accounts and reset their password. After doing this they will have access to all previously purchased tickets.

 


Get more stories like this in your inbox by signing up for IQ Index, IQ’s free email digest of essential live music industry news.