Adele Fans Report Possible Data Breach
Members of Adele’s fan club were able to buy advanced tickets for her upcoming 2016 UK tour this morning. Given the popularity of her recent hit single, “Hello,” it’s no surprise that the website selling tickets, Songkick, saw enormous traffic. What fans were not expecting was their personal data being exposed to strangers.
Fans reported to the BBC that when they tried to check out, they were shown other people’s shopping baskets, which included the addresses and credit card details of other customers.
Kiran Farmah, attempting to buy tickets for a show in Birmingham, England, said she was offered tickets for Glasgow instead. “I got through to buying tickets but it came up with someone else’s screen with their card details and home address for SSE,” she tweeted.
Emma Harris told the BBC she had experienced a similar problem. “After queuing for an hour and half, we clicked the tickets we wanted [and] got pushed through to another screen but different tickets were selected. We went with these anyway because we thought otherwise we’d lose out. But when we got to the next screen, where you fill in your details, all of the boxes were already filled in with somebody else’s name, somebody else’s address and somebody else’s credit card number.”
Harris deleted the other customer’s information and was able to purchase the tickets that she wanted, but she was unsettled by the experience. “It’s definitely worrying, as I know myself and a lot of friends of mine have paid with our credit card details and we don’t know who they’ve been exposed to.”
Songkick blamed the large amount of site traffic for the error, but went on to say there was no proof that credit card information had been released.
“Due to extreme load experienced this morning, some of our customers were incorrectly able to preview limited account information belonging to other customers,” the company told The Telegraph. “There’s no evidence that this included credit card numbers or passwords. We take the privacy of our users very seriously, and we’re looking further into the matter to ensure it doesn’t happen again.”
Security consultant Graham Cluely said this “certainly sounded” like a security breach, and said this should not be possible–even if a site is extremely busy. He also stated it sounded as if the website code had not been written securely.
While it is still not clear whether or not credit card numbers have been exposed, Cluely said customers should be cautious.
“If that information could have been exposed, then keep a close eye on your bank account and your credit card statements. Look for unusual activity there and be very wary of unsolicited messages or unusual emails which you might receive.”