Ticketfly hacker threatens to release more stolen data
As far as blackmail goes, it was a relatively small request.
The hacker who claims to have gained access to a host of data from Ticketfly, prompting the Eventbrite-owned ticketing company to pull its site offline sometime late last night, told Mashable that he was only after a single bitcoin.
“[Yes] i asked them 1 bitcoin for protection,” explained the hacker, who goes by IShAkDz, over email, in addition to sharing a huge repository of allegedly stolen files. “But I did not receive a reply from them.”
At the time of this writing, that comes out to around $7,500. For context, the person who hacked HBO last year wanted around $6.5 million worth of bitcoin.
“Your Security Down im Not Sorry.”
We reached out to Ticketfly in an attempt to confirm IShAkDz’s claim that they contacted the company, but a spokesperson declined to address that point. The company did provide us with a statement, however.
“We realize the gravity of this decision, but the security of client and customer data is our top priority. We are working tirelessly, and in coordination with leading third party forensic experts, to get our clients back up and running.”
A partial list of file folders provided to us by the hacker.
The hacker, meanwhile, sent us a link to a directory containing thousands of CSV files that appear to contain Ticketfly customer and employee data such as names, emails, addresses, and phone numbers. Motherboard was able to confirm that at least some of the data is authentic.
The database we received did not include credit card numbers.
And IShAkDz says he’s not done yet. On the site sent to Mashable, IShAkDz threatened to release additional information.
“Your Security Down im Not Sorry,” reads the page. “Next time I will publish database ‘backstage.'”
IShAkDz did not respond to a follow up request asking him to detail the contents of the “backstage” database.
In the meantime, the Ticketfly website remains offline.
“Following a series of recent issues with Ticketfly properties, we’ve determined that Ticketfly has been the target of a cyber incident,” reads a statement plastered to the company’s only loading webpage. “Out of an abundance of caution, we have taken all Ticketfly systems temporarily offline as we continue to look into the issue. We are working to bring our systems back online as soon as possible.”
It is not immediately clear how this hack is affecting venues that rely on Ticketfly’s services, though at least one San Francisco spot, 1015 Folsom, listed on a cached Ticketfly page as using the company’s services, is presently selling tickets through a working Eventbrite portal.
And while that’s great news for 1015 Folsom, it doesn’t address the looming concern that IShAkDz isn’t done dumping data yet.