Moshtix
| Primary URL | Location | Industry | moshtix[.]com[.]au |
Country
Australia
|
Entertainment
|
|---|
Profile
Moshtix operates as an online ticketing platform that facilitates the sale and distribution of tickets for live events, festivals, and other entertainment activities. Headquartered in Australia, the company provides a digital interface through which event organisers can create, manage, and publish ticket offerings, while consumers can browse, select, and purchase tickets for those events. Its core service includes the configuration of event details, pricing structures, and surcharge fees, all of which are handled through a front‑end event management system. The platform processes payments using encrypted transaction channels, a design choice intended to protect stored payment data from exposure. Moshtix provides ticketing services for a range of events, including festivals, and supports organisers of varying scales. By focusing on the end‑to‑end ticketing workflow, the company positions itself as a specialist in event‑centric commerce rather than a general‑purpose e‑commerce provider.
In May 2014, Moshtix experienced a security incident in which an attacker gained unauthorised access to its event configuration system during a major festival ticket sale. The intrusion allowed the perpetrator to alter credit‑card surcharge fees and to create fraudulent discounted tickets, resulting in excessive charges for 422 customers and 13 illegitimate purchases at reduced prices. A false message claiming that customer data was being sold was also posted, apparently intended to disrupt operations and harm the company’s reputation. Forensic analysis determined that the breach was confined to the front‑end event settings and did not compromise stored payment information because of the platform’s encryption controls. In response, Moshtix issued refunds to affected customers, disabled the compromised access points, and engaged law‑enforcement authorities to investigate the incident. The attacker’s motive appeared to be operational disruption and reputational damage rather than direct financial theft, highlighting the platform’s exposure to threats targeting its configuration and public‑facing functions.