You Probably got 'Pwned' in the Recent Ticketfly Data Breach

This article details recent news of the 26-million user data breach for Ticketfly. It also highlights a recent update on the 92-million user data breach of MyHeritage from last October.

Two high profile data breaches: one from October of last year and one from just last week. Of course, there have been a ton of data breaches in the last few years.

Hackers got 92 million user emails from DNA testing site MyHeritage last October. But the company only just released an announcement addressing the issue June 4, 2018.

More recently, the online ticket distribution service Ticketfly had its own data breach.

Hackers stole around 26-million user emails and home addresses, though the company has said the data stolen did NOT include passwords or credit card numbers.

What’s worse about the Ticketfly hack is that the hacker claims to have warned Ticketfly about the vulnerabilities months beforehand. He also demanded 1 Bitcoin in exchange for the sensitive information he had already obtained.

Ticketfly did not comply, resulting in the compromise of 26-million users’ information.

Bill, the Hacker, Just Wanted one Bitcoin

The hacker, known as IsHaKdZ, blocked the ticketing website with an image of “V” from V For Vendetta. His web page also read “Your Security Down im Not Sorry” and included both a contact email and a future threat.

dbsleak@yandex.com
Next time I will publish database “backstage”
[database.wordpress]
[member.information.csv]

The threat implies that the hacker obtained user information from website Backstage, too.

Ticketfly is, in fact, not associated with Backstage, the auditions and casting call website. It is possible the hacker meant Ticketfly Backstage, but neither TicketFly nor parent company Eventbrite commented on that.

The sales tracker, registration, and event/ticketing platform agreed with Pandora to purchase Ticketfly in June 2017.

But, as mentioned, the hacker revealed earlier communication with the now compromised website to news outlet Motherboard. He called himself “bill” and demanded just one Bitcoin for user data protection.

Motherboard gave no date for these alleged messages, so “one Bitcoin” could have been a heftier sum at the time. Of course, it wouldn’t have been more than $20,000 USD.

Perhaps, the next time a hacker asks for one of a cryptocurrency, other digital outlets will be more likely to comply than Ticketfly was with this data breach.

You can find updates to the situation on the website’s “Cyber Incident” page.

Did Your Information get Compromised?

Unfortunately, one of my older email addresses didn’t survive the data breach. As a security measure, you might want to double check the safety of your accounts, too.

Check out Have I Been Pwned from noted cybersecurity expert Troy Hunt.

Given that retail outlets like Saks Fifth Avenue and Under Armour both had high profile hacks in April and March respectively, it might be a good time to diversify your cybersecurity.

What is the next data breach you expect from a major digital outlet?