Ticketfly and several major venues’ services are still offline Friday morning as they struggle to recover from a major hack that has brought down their websites and disrupted public on-sales of tickets for several concerts.
Ticket distribution service Ticketfly said in a statement that it has launched an ongoing investigation into the incident and has yet to confirm the “extent of the unauthorized access” after the attack first surfaced Thursday. The company said it doesn’t know when the sites will be back online.
“We’ve determined that Ticketfly.com has been the target of a cyber-incident,” a Ticketfly spokesperson told Threatpost in an email. “Out of an abundance of caution, we have taken all Ticketfly systems temporarily offline as we continue to look into the issue. We realize the gravity of this decision, but the security of client and customer data is our top priority. We are working tirelessly, and in coordination with leading third-party forensic experts, to get our clients back up and running.”
Customers who went to Ticketfly’s homepage found a picture posted with the title “Ticketfly HacKeD By IsHaKdZ” that said [sic]: “Your Security Down im Not Sorry… Next time I will publish database ‘backstage.’”
According to a report by Motherboard, the hacker notified Ticketfly about a vulnerability enabling the data breach, and then asked for one bitcoin (around $7,500) in exchange for the information.
Ticketfly did not respond to further questions about the timeline and scope of the breach, or the data impacted.
The ticket distribution service, which is owned by Eventbrite, services several concert venues including I.M.P. Concerts, Canton Hall, Brooklyn Bowl and The Anthem. The cyber-breach also led to the shutdown of many of their websites, which instead returned a message explaining that the sites were compromised and that public on-sales for popular concerts – like Florence + The Machine – were being moved to a different date.
“Ticketfly is still working hard to securely restore its ticketing system as well as our sites, but it’s unlikely that it’ll be before tomorrow’s scheduled on-sales. As such, we’re moving the following public on-sales to next week – please note the new dates/times for each,” said a note on both The Anthem and IMP’s websites.
The “backstage” database that the hacker referred to may contain client information, but that is so far unknown.
“While the company hasn’t confirmed a breach of customer data has occurred, at face value the hacker’s claim — that he/she managed to access their database via an unpatched vulnerability or misconfiguration — is well within the realm of possibility,” said Netskope CEO Sanjay Beri. “We’ve seen this time and time again with organizations failing to properly secure their data, resulting in the exposure of massive datasets on the web.”