Business

Hacker Claims They Warned Ticketfly About Website Vulnerability, Sought Payment Before Taking Down

Ticketfly
Courtesy Photo

Ticketfly

The cybercriminal allegedly requested one bitcoin (roughly $7,425) to point out the vulnerability to the ticketer.

New reporting claims that IsHaKdZ, the hacker who has infiltrated and taken down Ticketfly, warned the company via email about the vulnerability before the cyber incident that started on Wednesday night.

According to Motherboard, IsHaKdZ provided alleged email correspondence between themselves and Ticketfly employees who did not respond to the hacker. Via email with Motherboard, the hacker claims to have asked for one bitcoin in exchange for pointing out the vulnerability.

In the first supplied email sent to Motherboard, the subject line reads “Hi bill i’m the hacker” and adds “Your database and your file I have it.”

The hacker, who first posted a cryptic Guy Fawkes image on the Ticketfly site, is claiming to have access to Ticketfly’s “backstage.”

IsHaKdZ also pointed Motherboard to a server that contains the allegedly hacked files. The files include CVS spreadsheets “containing what appear to be personal details of Ticketfly customers and employees, including names, home and email addresses, and phone numbers. Each spreadsheet contains thousands of names,” according to Motherboard.

Motherboard is in the process of authenticating the information, but says it has confirmed the details of at least six users.

By Thursday evening, Ticketfly had created a support page on the cyber incident.  

“Our investigation into the incident is ongoing,” the Cyber Incident Support page reads in regards to whether the hacker has obtained personal data. “We’re putting all of our resources to confirm the extent of the unauthorized access. We're committed to communicating with all customers once we have more information about the scope of the issue.”

The cyber incident page informs fans and clients that Ticketfly does not have an exact time for when the site will be restored and asks everyone to refer to individual venue and promoter social media posts for more information on events during the blackout.

Venues like the 9:30 Club in Washington, D.C. have had to postpone on-sales for upcoming events such as Florence + The Machine and are asking customers to bring printed tickets if possible.

At time of publishing of this article, the Ticketfly site was still down.