Hacker Defaces Ticketfly’s Website, Steals Customer Database

A hacker briefly took over Ticketfly’s website, defacing it with a picture of the V for Vendetta character and a claim of responsibility. The hacker also sent Motherboard files of what they say is employee and customer information taken from Ticketfly’s database.

“Ticketfly HacKeD By IsHaKdZ,” read the message, according to a screenshot posted on Twitter. “Your Security Down im Not Sorry.”

Ticketfly, which is owned by Eventbrite, took down the site and posted a message saying that the company had been “the target of a cyber incident.” Ticketfly sells tickets for many major nightclubs in the United States, including Brooklyn Bowl and the 9:30 Club in Washington, DC. The websites for those clubs are still down, as is Ticketfly’s main website.

“Out of an abundance of caution, we have taken all Ticketfly systems temporarily offline as we continue to look into the issue. We are working to bring our systems back online as soon as possible,” the company’s sites say.

When reached for comment, the company sent back the exact same statement. The company did not say whether any event tickets were stolen or otherwise compromised.

In an email conversation with Motherboard, the hacker claimed to have warned Ticketfly of a vulnerability that allowed him to take control of “all database” for Ticketfly and its website. The hacker said they asked for 1 bitcoin to share the details of the vulnerability but did not get a reply. The hacker shared what appears to be two emails between him and a series of Ticketfly employees in which the hacker mentions the vulnerability.

“Hi bill i’m the hacker,” reads the subject of the first purported email, which they shared with Motherboard. “Your database and your file I have it.”

Got a tip? You can contact this reporter securely on Signal at +1 917 257 1382, OTR chat at lorenzo@jabber.ccc.de, or email lorenzo@motherboard.tv

A Ticketfly spokesperson declined to respond when asked whether the hacker had gotten in touch with the company.

The hacker also pointed to a server where they uploaded a series of allegedly hacked files.

Among them, there are several CSV spreadsheet files containing what appear to be personal details of Ticketfly customers and employees, including names, home and email addresses, and phone numbers. Each spreadsheet contains thousands of names. Motherboard is actively trying to confirm the validity of these documents, however some of the names correspond to the real names and email addresses of employees at music venues that use Ticketfly.

We were able to confirm the personal details of six users, which indicates the hacked data is legitimate.

As of this writing, the website is still down.

This story has been updated with new information after we confirmed that the stolen data is legitimate.

Get six of our favorite Motherboard stories every day by signing up for our newsletter.

READ MORE HERE