[BreachExchange] Hacker Defaces Ticketfly’s Website, Steals Customer Database

Audrey McNeil audrey at riskbasedsecurity.com
Thu May 31 19:02:02 EDT 2018


A hacker briefly took over Ticketfly’s website, defacing it with a picture
of the V for Vendetta character and a claim of responsibility. The hacker
also sent Motherboard files of what they say is employee and customer
information taken from Ticketfly’s database.

“Ticketfly HacKeD By IsHaKdZ,” read the message, according to a screenshot
posted on Twitter. “Your Security Down im Not Sorry.”

Ticketfly, which is owned by Eventbrite, took down the site and posted a
message saying that the company had been “the target of a cyber incident.”
Ticketfly sells tickets for many major nightclubs in the United States,
including Brooklyn Bowl and the 9:30 Club in Washington, DC. The websites
for those clubs are still down, as is Ticketfly’s main website.

“Out of an abundance of caution, we have taken all Ticketfly systems
temporarily offline as we continue to look into the issue. We are working
to bring our systems back online as soon as possible,” the company’s sites

When reached for comment, the company sent back the exact same statement.
The company did not say whether any event tickets were stolen or otherwise

In an email conversation with Motherboard, the hacker claimed to have
warned Ticketfly of a vulnerability that allowed him to take control of
“all database” for Ticketfly and its website. The hacker said they asked
for 1 bitcoin to share the details of the vulnerability but did not get a
reply. The hacker shared what appears to be two emails between him and a
series of Ticketfly employees in which the hacker mentions the

“Hi bill i’m the hacker,” reads the subject of the first purported email,
which they shared with Motherboard. “Your database and your file I have it.”

A Ticketfly spokesperson declined to respond when asked whether the hacker
had gotten in touch with the company.

The hacker also pointed to a server where they uploaded a series of
allegedly hacked files.

Among them, there are several CSV spreadsheet files containing what appear
to be personal details of Ticketfly customers and employees, including
names, home and email addresses, and phone numbers. Each spreadsheet
contains thousands of names. Motherboard is actively trying to confirm the
validity of these documents; however, some of the names correspond to the
real names and email addresses of employees at music venues that use

We were able to confirm the personal details of six users, which indicates
the hacked data is legitimate.

As of this writing, the website is still down.