Incident Of The Week: Ticketfly Hacked, Engineers Pull Site Offline

'Guy Fawkes' Hacker May Have Lifted Sensitive Data



Dan Gunderman
06/01/2018

In the dynamic world of cyber security, breaches are both tightly guarded and, sadly, imminent.

Combing through data, market research and threat-defense efforts taken by enterprises can be a daunting task. Here at Cyber Security Hub, we both track the latest industry news and make it more navigable for the IT professional. CSHub coverage extends outwards – as it helps enterprises batten down their proverbial hatches.

In this edition of “Incident of the Week,” we examine a cyber-attack which blitzed an events ticketing company, Ticketfly, and knocked the site offline.

The company confirmed it had fallen victim to a cyber-attack by displaying a message on its temporarily disabled website. Ticketfly also took to Twitter to make the announcement.

The tweet reads: “Following recent site issues, we determined that Ticketfly has been the target of a cyber incident. To protect our clients and fans, and to secure the website and related data, we have temporarily taken all Ticketfly systems offline. We’ll keep you updated.”


Photo: Twitter (@evanderburg)

According to Billboard, users began noticing site defacement Wednesday evening. A hacker, dubbed IsHaKdZ, planted an image of Guy Fawkes (now synonymous with cyber-attacks), with the statement, “Your Security Down im Not Sorry.” The Fawkes-embracing hacker also left behind a yandex.com email account and noted that they could access the “backstage” database, holding sensitive data (of venues, promoters and festivals).

According to The Verge, the hacker seems to have tampered with the company’s webmaster. In addition to Ticketfly, the hack also affected Brooklyn Bowl, Pearl Street Warehouse and Lafayette Theater. Ticketfly’s engineers reportedly began addressing the issue immediately.

The technology outlet Motherboard reportedly conversed with the hacker, who requested one bitcoin (now $7,544) in exchange for information on the ticket site’s weakness. The hacker may also wield a database holding sensitive information (names, addresses and venue-specific phone numbers).


CNET writes that the hacker said, “I want (them) to pay me to fix the exploit.”

While not yet addressing the extent of compromised data, a Ticketfly spokesperson told The Verge: “The security of client and customer data is our top priority. We are working tirelessly, and in coordination with leading third-party forensic experts, to get our clients back up and running.”

According to CNET, the hacker told the outlet that he or she reached out to Ticketfly regarding the vulnerability multiple times, but was not accommodated.

Ticketfly’s parent company, Eventbrite, reportedly did not experience effects of the attack.


Photo: Twitter (@TheFestiveOwl)

This occurrence falls in line with wider cyber security trends, as hackers have accelerated their clandestine missions. As such, cyber-thievery is on the rise, as is concern at the C-Suite and board levels within an organization.

Nevertheless, between remedial controls such as cyber insurance, business continuity plans, incident response controls (e.g., digital forensics) and open communication both internally and externally, enterprises are pushing back against hacking efforts at every turn. This is especially true as security teams embrace the “Zero Trust” model, which essentially applies universal scrutiny to users, devices and anything else attempting to connect to a network (as opposed to the perimeter mindset of trusting whatever is inside).

While one damaging breach could immediately cripple the bottom line or the brand, tougher controls, cyber awareness and careful monitoring go a long way. CISOs and the like must be cognizant of current trends, market coverage, and even longstanding vulnerabilities and network entry points.