Cyber Incident Victim: Moshtix
Date: May 2014
Location: Australia
Summary
A ticketing platform experienced unauthorized access to its event configuration system during a major festival ticket sale, enabling an attacker to modify credit card surcharge fees and offer fraudulent discounted tickets. The breach affected 422 customers with excessive charges and allowed 13 purchases at illegitimate discounts, while a false message about data sales was posted to disrupt operations. Forensic analysis confirmed the intrusion was limited to front-end event settings, with no compromise of stored payment data due to encrypted processing. The company issued refunds, disabled compromised access points, and involved law enforcement. The attacker's actions appeared aimed at causing operational disruption and reputational harm rather than financial theft.
Description
On May 8, 2014, during the Splendour in the Grass festival ticket sale, Moshtix experienced unauthorized access to its ticketing system between 9:10 AM and 9:37 AM. An attacker compromised a legitimate account credential configured for the Splendour event, gaining access to the front-end system controlling event configuration details. The intruder altered ticket pricing parameters, applying a fraudulent 50% discount to 13 orders and manipulating credit card surcharge fees for 422 customers, resulting in overcharges amounting to thousands of dollars in some cases. Concurrently, a false message appeared on the event page claiming customer data was for sale on Silk Road, a darknet marketplace. These actions triggered widespread customer complaints across social media platforms as patrons reported suspicious transactions during the high-demand ticket sale.

Moshtix CEO Harley Evans confirmed the breach was deliberate and not caused by system errors, initiating immediate containment by disabling access to the compromised system module. The company refunded all 13 discounted orders and reimbursed the 422 overcharged customers, while forensic investigators determined the breach was confined to event configuration settings with no access to payment processing systems or customer financial data. Law enforcement was engaged to pursue the perpetrators, though the investigation remained ongoing regarding how the attacker obtained valid credentials. The incident caused significant reputational damage and operational disruption during what Moshtix described as a critical sales event, though Splendour tickets still sold out within hours. Moshtix implemented unspecified system changes to prevent recurrence while maintaining that encrypted payment data had never been stored or exposed during the incident.
