Ticketmaster has been fined $10 million after staff admitted to hacking into a rival firm's systems in order to "choke off" their presale ticket business.
Last week, the US Department of Justice (DoJ) said employees of Ticketmaster, a subsidiary of Live Nation Entertainment, "repeatedly" infiltrated the computers of a rival presale tickets seller.
Ticketmaster offers a platform for purchasing tickets for events including concerts, attractions, and sports.
According to court documents (.PDF) filed in the US Eastern District Court of New York, a former employee of the victim firm -- believed to be Songkick, which maintained a presence in both the UK and New York -- left their post in 2012 to join Live Nation.
Despite signing a confidentiality agreement before entering their new employment, this individual, instead, entered the heart of a scheme designed to disrupt the competitor's business operations.
The DoJ says that after joining Live Nation in 2013, the co-conspirator shared confidential information with Ticketmaster employees including the former head of the Artist Services division, Zeeshan Zaidi.
Ticketmaster's rival offered presale tickets before they were made available to the general public and created a password-protected app for artists to track their ticket sales, known as Toolboxes.
The co-conspirator shared draft web pages built for artists, confidential URLs, financial documents, and sets of credentials for existing Toolbox accounts. In 2014, they warned Zaidi to be careful about snooping around in these systems, but also urged them to "screengrab the hell out of [it]."
By accessing Toolboxes and grabbing ticket sales data, Ticketmaster would then be able to benchmark its own performance against the rival and use this information in sales pitches.
One of the overall goals was to "steal back one of [the victim company]'s signature clients," US prosecutors said, and if successful, this would "choke off" the Ticketmaster rival, "cut[ting] them off at the knees."
In a move deemed "brazen" by the DoJ, a summit for Live Nation and Ticketmaster employees was held in San Francisco in the same year. A senior executive of Live Nation asked Zaidi and others to prepare a presentation comparing Ticketmaster presales to the rival's Toolboxes, and the team obliged -- by once again using the stolen passwords, in public.
The unnamed conspirator was promoted and given a raise the year following. Ticketmaster employees continued to lurk in Toolboxes and maintained a spreadsheet of all account URLs until the end of 2015.
While the rival company became defunct in 2017, prosecutors were made aware of the scheme after Songkick launched an antitrust lawsuit against Live Nation in 2015. Live Nation settled the lawsuit and eventually acquired Songkick's technological assets.
Employees involved in the scheme were fired. US prosecutors filed five criminal counts against Ticketmaster, including wire fraud and conspiring to commit computer intrusion. In a separate but related case, Zaidi pled guilty to conspiring to commit computer intrusions and wire fraud.
In order to resolve the case, Ticketmaster will pay a criminal penalty of $10 million and has agreed to submit to a three-year deferred prosecution agreement including the creation of a new compliance and ethics program. The ticket seller must also report to the United States Attorney's Office annually until the agreement expires.
Ticketmaster said, "we are pleased that this matter is now resolved."
"Ticketmaster employees repeatedly -- and illegally -- accessed a competitor's computers without authorization using stolen passwords to unlawfully collect business intelligence," commented Acting US Attorney Seth DuCharme. "Today's resolution demonstrates that any company that obtains a competitor's confidential information for commercial advantage, without authority or permission, should expect to be held accountable in federal court."
Previous and related coverage
- Ticketmaster breach was part of a larger credit card skimming effort, analysis shows
- Boom! Mobile falls prey to Magecart card-skimming attack
- Inter: a 'low bar' kit for Magecart credit card skimmer attacks on e-commerce websites
Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0