Cyber Incident Victim: Ticketfly
Date:
May 2018
Location:
United States of America
Summary
A hacker exploited a vulnerability in Ticketfly's systems after the company failed to pay a 1 Bitcoin ransom demand, leading to website defacement and theft of client and customer databases containing names, addresses, email addresses, and phone numbers. The attacker claimed to possess additional "backstage" data while the company took all systems offline for forensic investigation, causing significant operational disruption—venues resorted to manual check-ins requiring photo IDs and credit card verification for ticket access. Eventbrite, the parent company, engaged cybersecurity experts to restore services with heightened security measures, acknowledging compromised information but not specifying full scope.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
The Ticketfly cybersecurity incident began on or around May 30, 2018, when unauthorized activity was observed on the company’s website. An attacker using the alias IsHaKdZ defaced Ticketfly’s homepage with an image from *V for Vendetta* and a message claiming responsibility for the hack. The hacker later communicated with media outlets, asserting they had identified a vulnerability in Ticketfly’s systems and attempted to notify the company. According to email correspondence reviewed by journalists, IsHaKdZ demanded one Bitcoin as payment for securing the flaw. When the ransom was not paid, the attacker exploited the vulnerability to access internal databases. Ticketfly took its website and related systems offline on May 31 to contain the breach, initiating an investigation with third-party forensic experts.
The breach compromised client and customer data, including names, home addresses, email addresses, and phone numbers stored in Ticketfly’s systems. IsHaKdZ claimed possession of a “complete” database and threatened to release additional files labeled “backstage,” though no specifics about this dataset were disclosed. The operational disruption prevented venues from processing digital ticket sales or verifying purchases, forcing Ticketfly to implement manual workarounds such as printed guest lists for event check-ins. Customers without photo ID were required to present the original purchaser’s credit card, a photocopied ID, and written authorization. Eventbrite, Ticketfly’s parent company, confirmed the cyber incident and prioritized restoring systems securely, though no timeline for full recovery was initially provided. By June 2, Ticketfly announced progress in bringing its ticketing platform back online while emphasizing collaboration with cybersecurity specialists to safeguard data. The company acknowledged the compromise of “some client and customer information” but did not specify the full scope of exposed records or confirm the hacker’s claims regarding additional databases.