Hacker Defaces Ticketfly’s Website, Steals Customer Database
A hacker briefly took over Ticketfly’s website, defacing it with a picture of the V for Vendetta character and a claim of responsibility. The hacker also sent Motherboard files of what they say is employee and customer information taken from Ticketfly’s database. Ticketfly, which is owned by Eventbrite, took down the site and posted a message saying that the company had been “the target of a cyber incident.”
Ticketfly sells tickets for many major nightclubs in the United States, including Brooklyn Bowl and the 9:30 Club in Washington, DC. The websites for those clubs are still down, as is Ticketfly’s main website. When reached for comment, the company sent back the exact same statement.
The company did not say whether any event tickets were stolen or otherwise compromised. In an email conversation with Motherboard, the hacker claimed to have warned Ticketfly of a vulnerability that allowed him to take control of “all database” for Ticketfly and its website. The hacker said they asked for 1 bitcoin to share the details of the vulnerability but did not get a reply.
The hacker shared what appears to be two emails between him and a series of Ticketfly employees in which the hacker mentions the vulnerability. A Ticketfly spokesperson declined to respond when asked whether the hacker had gotten in touch with the company. The hacker also pointed to a server where they uploaded a series of allegedly hacked files.