Ticketfly, Major Concert Venues Still Offline After Hack

UPDATE

Ticketfly and several major venues’ services are still offline Monday morning as they struggle to recover from a major hack that have brought down their websites and disrupted several public on-sale concert tickets.

Ticket distribution service Ticketfly said in a statement that it has launched an ongoing investigation into the incident and has yet to confirm the “extent of the unauthorized access” after the attack first surfaced Thursday. The company said it doesn’t know when the sites will be back online.

A new report from researcher Troy Hunt’s security website haveibeenpwned.com estimates that 26 million have been impacted by the breach, including unique email addresses along with names, physical addresses and phone numbers.

As of Monday morning, Ticketfly said in a statement that Ticketfly.com, the Ticketfly iOS app, Promoter, Pulse, and Fanbase are still offline; however, Ticketfly Backstage (which includes ticket purchasing), is coming back online – so users can sell tickets online again.

“We’ve determined that Ticketfly.com has been the target of a cyber-incident,” a Ticketfly spokesperson told Threatpost in an email when the breach was first disclosed. “Out of an abundance of caution, we have taken all Ticketfly systems temporarily offline as we continue to look into the issue. We realize the gravity of this decision, but the security of client and customer data is our top priority. We are working tirelessly, and in coordination with leading third-party forensic experts, to get our clients back up and running.”

Customers who went to Ticketfly’s homepage last week found a picture posted with the title “Ticketfly HacKeD By IsHaKdZ” that said [sic]: “Your Security Down im Not Sorry… Next time I will publish database ‘backstage.'”

The hacker also left a yandex.com email account.

> Check the homepage. pic.twitter.com/KPDu6PsjIJ
>
> — Michael Stenberg (@MichaelStenberg) May 31, 2018

According to a report by Motherboard, the hacker notified Ticketfly about a vulnerability enabling the data breach, and then asked for one bitcoin (around $7,500) in exchange for the information.

Ticketfly did not respond to further questions about the timeline and scope of the breach, or the data impacted.

The ticket distribution service, which is owned by Eventbrite, services several concert venues including I.M.P. Concerts, Canton Hall, Brooklyn Bowl and The Anthem. The cyber-breach also led to the shutdown of many of their websites, instead returning a message explaining that their sites were compromised and that they’re moving public on sales to popular concerts – like Florence + The Machine – to a different date.

“Ticketfly is still working hard to securely restore its ticketing system as well as our sites, but it’s unlikely that it’ll be before tomorrow’s scheduled on-sales. As such, we’re moving the following public on-sales to next week – please note the new dates/times for each,” said a note on both The Anthem and IMP’s websites.

The “backstage” database that the hacker referred to may contain client information, but that is so far unknown.

“While the company hasn’t confirmed a breach of customer data has occurred, at face value the hacker’s claim — that he/she managed to access their database via an unpatched vulnerability or misconfiguration — is well within the realm of possibility,” said Netskope CEO Sanjay Beri. “We’ve seen this time and time again with organizations failing to properly secure their data, resulting in the exposure of massive datasets on the web.”

Ticketfly encouraged venue owners and operators to use social channels to communicate with fans, but the breach has led to confusion and anger from ticket buyers and concert goers, who took to Twitter to express their frustrations and questions:

> There is an onsale tomorrow for a concert. I believe you are the only point of sale. Supposed to be at 10am tomorrow for distillers in Las Vegas. Can you please advise on this. Will the sale be postponed??
>
> — Neena Gill (@neenakill) June 1, 2018

> Ummm….what about tix & pkng passes for a weekend event that starts today? #capitaljazzfest2018 – drove 5hrs, got hotel for 4 days, & no ability 2 access our tix. What can we do? Please help!
>
> — CJ (@TnkerBelle) June 1, 2018

> Is my personal information compromised?
>
> — Tyler Churchill (@_TylerChurchill) May 31, 2018

_This story was updated June 4 at 8:00 a.m. with updates on the status of Ticketfly’s website and information on the number of customers impacted. _