Ticketfly Data Breach May Have Exposed 26 Million Customer Records
Ticketfly, a concert ticketing service, went offline this weekend after hackers penetrated the website.
While Ticketfly has not revealed how many customers could have been affected by the breach, MarketWatch reported the information of 26 million customers could have been exposed, including names, email addresses and phone numbers.
The website went down Wednesday, which left concert promoters struggling to sell tickets for upcoming events. The hacker contacted Motherboard and sent the news outlet employee and customer information they had stolen from the database.
The individual told Motherboard they had warned Ticketfly about the security vulnerability, and had offered to reveal it for one bitcoin. When they received no response from the company, they took control of the website.
Ticketfly has hired a forensic cybersecurity team to determine the extent of the breach, as well as the vulnerabilities that led to the incident.
The breach was not as bad as it could have been since it does not appear as if passwords or payment card information were stolen. However, customers who have purchased tickets through Ticketfly or its parent company, Eventbrite, are well advised to change their password.
Additionally, since the hackers have customer names and email addresses, consumers should be wary if they receive a message from Ticketfly or Eventbrite that asks them to download a file or follow a link to log in to a website. Criminals can use this information to send phishing emails. While the email may contain Ticketfly branding and appear to come from the company, it could actually come from cybercriminals. If someone downloads a file from a phishing email, it can infect their system, and the hacker can do just about anything from taking over the device to installing malware that will allow them to steal banking information.
Also, if someone follows the link in a phishing email and uses their credentials to log in, the criminal can steal their username and password.
When in doubt, check the information that comes after the @ symbol in an email address. Phishing emails will often contain misspellings or nonsense characters instead of @ticketfly. Customers can also log directly into the website. Any communication from the company should appear on their website.