Ticketing website Ticketfly is back online after being hacked last week in a high-profile data breach. It was initially reported that “thousands” of accounts were exposed, but in a recent update, the website confirmed that approximately 27 million accounts were affected.
“In consultation with third-party forensic cybersecurity experts we can now confirm that credit and debit card information was not accessed,” the company said. “However, information including names, addresses, email addresses and phone numbers” was exposed.
27 million Ticketfly accounts hacked
The May 31 breach became public when Ticketfly’s front page was briefly replaced with artwork depicting a person in a Guy Fawkes mask.
The mask of Fawkes, a 17th century anarchist in England, was popularized in the movie “V for Vendetta” and has become a symbol of the hacking community. Motherboard, a tech microsite of Vice.com, reported that they communicated with the purported hacker.
Huh, well shoot. Not every day you see a site as high profile as @ticketfly get taken down. Take your security seriously. pic.twitter.com/JUGOjjwqkI
— Michael Stenberg (@MichaelStenberg) May 31, 2018
Motherboard reported that in an email conversation, the perpetrator claimed that he had warned Tickefly that its site had a major vulnerability that would allow someone to commandeer its entire database. The hacker shared two emails between himself and Ticketfly employees that appear to back up the allegations, Motherboard said.
“Hi bill i’m the hacker,” Motherboard said the subject line reads in one of the emails. “Your database and your file I have it.”
The hacker also sent Motherboard what he described as personal information of Ticketfly customers and employees. Motherboard said the CSV spreadsheet files appear to contain names, home and email addresses, and phone numbers.
Later that day, Motherboard’s Lorenzo Franceschi-Bicchierai, who writes about cyber security, tweeted that, “Right now, it DOES NOT appear that credit card numbers or passwords were compromised.”
Although it doesn’t seem that financial information was stolen in this incident, it is a major data breach nonetheless. Here is what you can do if you feel your information has been compromised.
Ticketfly data breach: What you can do to protect yourself
Ticketfly is directing customers to the ticketf.ly/update webpage, which says this:
We are deeply sorry this happened. While we’ve made significant progress, there’s still work ahead to make things right. Our top priorities remain ensuring your security, getting everything back up and running, and regaining your trust. Ticketfly.com, Ticketfly Backstage, and the vast majority of venue/promoter websites are back online.
Money expert Clark Howard says the #1 way to protect your financial information is by following this two-pronged approach:
- Sign up for a CreditKarma.com or CreditSesame.com to get free credit monitoring and be notified when anyone tries to access your personal info. Here’s a step-by-step rundown of how to do it.
- Freeze your credit at the three major credit-reporting bureaus. Here’s an in-depth guide on how to contact Equifax, TransUnion and Experian to freeze your accounts.
In addition, if you had a Ticketfly account, you should immediately change the passwords on any accounts tied the same email address tied to your Ticketfly account and always employ 2-factor authentication, when possible.
Keep up to date with the latest privacy and security tips and more at Clark.com. Subscribe to our newsletter and follow us on Twitter and Facebook!
