Ticketfly, an online ticket sale service, has been targeted by a malicious agent and, as a result, user’s personal information was stolen, information security trainingspecialists from the International Institute of Cyber Security. In addition, the Ticketfly website was deleted and a message was placed on the home page: “Your security is down, we are not sorry. Next time the database will be published”.
What really happened?
Ticketfly’s parent company, Eventbrite, said they were investigating the attack, but did not provide information about how the attack took palce or what kind of information was compromised. However, the attackers published several files in the Ticketfly database on a public server. According to experts in information security training, the files contained about 26,151,608 email addresses along with user names, phone numbers and home addresses. In other words, a lot of sensitive details have been compromised. The good thing about this is that the files did not contain passwords or credit card information.
Specialists in information security training report that the individual or group of persons behind the attack alerted the company about its security failures before the incident, asking for a payment in cryptocurrency in exchange for a solution. After not getting a response from the company, the attackers eliminated the Ticketfly website.
The company issued a press release stating that it is working with computer forensic specialists trying to find what happened and solve it. “Last week we learned that Ticketfly.com was the target of a cyber attack. In consultation with forensic experts and information security, we confirm that some of the customer’s information has been compromised, including names, addresses, emails and phone numbers. We understand how important is for our clients their data security and privacy, and we are deeply sorry for any unauthorized access to them”, established the statement.
After the attack Ticketfly remained disabled almost for a week, now it seems to work normally.
Working as a cyber security solutions architect, Alisa focuses on bug bounty and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.