Ticketfly was still offline this afternoon (Friday) after being forced to take its systems down on Thursday following a serious “cyber incident”.
Ticketfly, which Eventbrite bought from Pandora in a $200m deal last September, took action after apparently being infected by an attack and ransom demand from a hacker calling themselves Ishakdz. Initially a message saying “Your Security Down im (sic) Not Sorry” appeared on Ticketfly’s homepage.
The company has confirmed in a statement that some client and customer information was compromised in the attack.
The attack has caused chaos for hundreds of organisations partnered with Ticketfly, which confirmed the attack on Twitter.
Following recent site issues, we determined that Ticketfly has been the target of a cyber incident. To protect our clients and fans, and to secure the website and related data, we have temporarily taken all Ticketfly systems offline. We’ll keep you updated.
— Ticketfly (@ticketfly) May 31, 2018
Ticketfly’s website is still unusable, with a visit to its homepage now displaying a message explaining the situation.
“Following a series of recent issues with Ticketfly properties, we’ve determined that Ticketfly has been the target of a cyber incident,” the message reads. “Out of an abundance of caution, we have taken all Ticketfly systems temporarily offline as we continue to look into the issue. We are working to bring our systems back online as soon as possible. Please check back later.
“For information on specific events please check the social media accounts of the presenting venues/promoters to learn more about availability/status of upcoming shows. In many cases, shows are still happening and tickets may be available at the door. Thank you.”
In a company statement, Ticketfly advised venue owners and operators to communicate to customers that they should bring photo ID and, if possible, a printed version of their digital tickets to shows. If they were not the original purchaser, they should also bring the credit card used to buy the ticket, as well as a note from the buyer and their ID.
According to Billboard, the hacker claims to have access to Ticketfly’s backstage database, which is said to include client information. A Ticketfly source told Billboard: “It’s where clients perform all their work building events, setting prices, etc,” adding that information such as credit card details would “hopefully … be cordoned off and encrypted.”
— Matt Martinez @ Smash N Splash (@mattmartinezgg) May 31, 2018
According to correspondence with website Motherboard, the hacker is alleged to have demanded a single bitcoin ($7,500) to divulge the vulnerability that left Ticketfly vulnerable to attack.
Eventbrite yesterday tweeted that the development is not affecting its own events or ticket sales.