26 Million Records May Have Been Exposed By Ticketfly Server Breach

The company’s website remains offline as a third-party forensic and cybersecurity team investigates the nature of the attack.

Ticketfly has launched an investigation into a cybersecurity incident that took place on Wednesday, May 30, 2018, wherein the private data of as many as 26 million customers could have been exposed after a database was compromised by a hacker.

According to an official announcement from Ticketfly, the hacker may have accessed, personal details “including names, addresses, emails, and phone numbers” of Ticketfly customers. This information can be employed by malicious actors to target individuals with phishing emails.

If you believe you may have been among those Ticketfly customers exposed, it’s pertinent that you maintain vigilance against threats:

• Change your password immediately.
• Refrain from opening up unsolicited emails from unknown senders.
• Ensure you login through the official Ticketfly portal, and not from a website linked through an email or message.

Before it was taken down completely, those who visited the Ticketfly site the day of the incident were greeted by the Guy Fawkes mask adorned stiletto wielding enemy of the state from V for Vendetta.

Image courtesy of Michael Stenberg’s Twitter feed.

Ticketfly responded to the breach by taking all of its systems offline. Meanwhile the hacker boldly reached out to journalists at Motherboard providing files and emails supposedly taking place between the hacker and Ticketfly employees. In an email the hacker divulged that they got no response from Ticketfly after attempting to extort 1 bitcoin in exchange for revealing the details of a vulnerability.

Centralized systems that hinge on single points of failure are targets for hackers, and holding information for ransom is a common tactic in cyber espionage. The incident with Ticketfly is another reminder that legacy systems need to be updated as malicious actors have become more sophisticated.

At present time Ticketfly’s main site is still offline, but no longer down. Instead of the normal page, it offers up a message of explanation to users and a link they can use to log in to manage their accounts.

MetaCert is creating solutions for anti-phishing, child safety, brand protection, crypto-address verification, and news credibility with the MetaCert Protocol. You can find out more about the MetaCert Protocol by joining our Telegram community to stay up to date on our blockchain project. Remember to install Cryptonite, to protect yourself from phishing scams before it’s too late.