Original article published on Motherboard (06/04/18) by Lorenzo Franceschi-Bicchierai
Sensitive information about Ticketfly's users was stolen last week when a hacker hijacked the ticket distributor's website. The attacker also posted some of the stolen data online, while Ticketfly parent Eventbrite said the incident is still under investigation. Eventbrite has not disclosed the extent of the breach, or how much or what kind of data was compromised. "In consultation with leading third-party forensic and cybersecurity experts, we confirmed that some customer information has been compromised as part of the incident, including names, addresses, emails and phone numbers of Ticketfly fans," a Ticketfly spokesperson stated. Motherboard's analysis of public files posted by the hacker uncovered more than 26 million unique email addresses of Ticketfly users, as well as their home and billing addresses and phone numbers; passwords and credit card details were not exposed. The hacker said they contacted Ticketfly before the intrusion, alerting them of a bug and demanding a 1-bitcoin ransom to help them correct it. The hacker then defaced Ticketfly's site when the company did not respond. "This is an ongoing investigation and we will continue to provide updates as appropriate," said the Ticketfly spokesperson.
Read the full story on the Motherboard website.