Features
Ticketfly Back Online: Promoters, Experts Weigh In After Cyber Attack
In an unprecedented direct attack on a core events business, ticketing platform Ticketfly went offline for a few days after saying it was the “target of a cyber incident” that exposed details such as the names and email addresses of as many as 27 million customers.
After getting the site back online June 6, the company says credit and debit card information was not compromised.
While partner sites and ticketing purchases were enabled a few days earlier, a Ticketfly representative summed up the situation for Pollstar with an official statement: “Last week Ticketfly was the target of a malicious cyber attack. In consultation with third-party forensic cybersecurity experts we can now confirm that credit and debit card information was not accessed.
“However, information including names, addresses, email addresses and phone numbers connected to approximately 27 million Ticketfly accounts was accessed. Upon first learning about this incident we took swift action to secure the data of our clients and fans. We take privacy and security very seriously and regret any disruption this has caused. We’re extremely grateful for the patience and support of the Ticketfly community.”
For a brief period early May 31, Ticketfly’s homepage bared a public defacement, complete with the “Anonymous” icon Guy Fawkes mask displaying the message: “Ticketfly HacKeD By IShaAkDz. Your Security Down im Not Sorry.”
Some customer information was compromised including email addresses, mailing addresses and names with the threat of more to come. There was also a ransom note demanding a single Bitcoin (about $7,500) in what was likely mostly a ploy to generate headlines.
Ticketfly swiftly took down its site as well as those of its partner venues and promoters such as D.C.-area promoter and venue operator I.M.P. (9:30 Club, Merriweather Post Pavilion, The Anthem), Chicago promoter/venue operator Jam Productions and Bowery Ballroom in New York.
Dozens of local venue sites and events like Riot Fest in Chicago were moved to temporary new webpages, sometimes using the Eventbrite platform (Ticketfly’s parent company after it acquired the former rival in 2017), to allow ticket purchases and resume business. Meanwhile, cybersecurity experts assessed the situation and Tickefly scrambled to get its platform back online but secure. Presales such as Florence + The Machine’s show at The Anthem in D.C. were pushed back a week while some concertgoers complained of lines at the door and not being able to access e-tickets for shows already purchased.
Response to the situation from promoters and venue operators reached by Pollstar varied depending on what events were going onsale or taking place during the outage, with some insinuating they could bargain for better terms or threaten to leave the platform.
However, the leader of maybe the company’s most prominent partner, the fully independent I.M.P., said he is fully committed.
“It’s an unfortunate situation that can happen to any company at any time,” Seth Hurwitz, chairman of I.M.P., owner of the 9:30 Club and The Anthem, operator of Merriweather Post Pavilion and Lincoln Theatre, told Pollstar. “If we all quit using every commerce where it did, we’d live in a small village somewhere with no communication.
“Once they were back up, daily sales were actually much higher than they were on most shows, so it looks like people that couldn’t buy on those days bought as soon as they could. Although, honestly, I never thought it would hurt sales on future shows.
“I didn’t figure people were out there saying: ‘Oh, no, if I couldn’t buy em last Thursday, no nuh-uh forget it.’ Although we did have some rather ridiculous calls from agents with shows in November that seemed to think otherwise.”
With 1,800 promoter and venue partners, Ticketfly is a major operation and, although nowhere near the size of industry goliath and Live Nation subsidiary Ticketmaster, breaches can happen to companies of any size, such as the 2014 Sony Pictures hack and the recent Equifax breach that potentially exposed sensitive details of as many as 200 million people.
“In today’s world, the breach is to be expected,” Alex Heid, chief research officer at SecurityScorecard, told Pollstar. “Ticketfly shouldn’t be ridiculed for being affected by this because they actually responded fairly quickly. Basically every company is going to be the victim of a data breach in one way or another – it’s just how you respond to it that’s going to be whether it’s big and embarrassing.”
Heid is a “white hat hacker,” which means he breaks into protected systems and networks to test and asses their security. He says the Ticketfly hackers were obviously skilled but their methods smack of a somewhat amateur operation.
“Everything is kind of indicating low-skilled actors, but they were able to pull off something fairly significant,” Heid said, noting the hackers made their names and ransom demands public. “I don’t mean they don’t know what they’re doing, but maybe the equivalent of vandals or trolls versus serious organized crime or state-sponsored groups.” Heid says risk assessments such as Securityscorecard can help businesses determine a site’s security, and bigger is not necessarily better.
“It could be quite the opposite,” Heid added. “A smaller network might be vulnerable due to inexperience, but a larger network may be vulnerable simply due to overhead and to staff trying to keep all the doors and windows locked.”
Heid said even if Ticketfly’s passwords or credit card information weren’t compromised, consumers should take note.
“When it becomes to the protection of consumer data, all companies have a problem right now. Everybody could be doing more than they should, and a surprising amount are doing nothing.” – Ryan Borba