Ticketfly yanks website offline to recover from cyberattack
Ticketfly has taken its website offline following a cyberattack which reportedly exposed customer data.
Security
At the time of writing, Ticketfly's website is not operational.
In a statement posted on the Ticketfly landing page, the company said that a "series of recent issues" has led the firm to believe that it is the "target of a cyber incident."
The attack against the service, owned by Eventbrite, took place on Thursday. As reported by Bleeping Computer at the time of the attack, Ticketfly visitors attempting to purchase tickets were instead met with the "V for Vendetta" character -- connected to the hacker collective Anonymous -- instead.
Alongside the character, the threat actors reportedly defaced the website with the message "Ticketfly HacKeD By IsHaKdZ."
Ticketfly administrators eventually spotted the attack and pulled the website into maintenance mode.
However, one visitor to Tickletfly, Twitter user Michael Villado, posted a public message which appears to also show the leak of customer data.
A URL, ticketfly.com/member, was live during the cyberattack and may have exposed .csv files containing customer information. The link has been taken down and it is not known if any legitimate data was compromised.
"Out of an abundance of caution, we have taken all Ticketfly systems temporarily offline as we continue to look into the issue," Ticketfly says. " We are working to bring our systems back online as soon as possible. Please check back later."
Ticketfly is still investigating the incident and has no timeline available for those who wish to purchase tickets or check their orders.
Instead, the company has asked customers of specific events to check the social media accounts of vendors and promoters to keep updated on the status of shows. Ticketfly will be providing paper-based guest lines to venues and ticket holders must bring photo ID with them to booked events.
See also: Git repository vulnerability leads to remote code execution attacks
The hacker which took responsibility for the attack, IShAkDz, told sister site CNET in an email that they demanded 1 Bitcoin to resolve the attack, which is currently worth roughly $7,500.
In a statement, a Ticketfly spokesperson said, "We realize the gravity of this decision, but the security of client and customer data is our top priority."