Ticketfly, Major Venues Still Offline 2 Days After Hack, Ransom Demand [UPDATE 3]
[UPDATE 3] For more than 50+ hours and in the midst of a busy Spring concert weekend, Ticketfly and the sites of the major venues and promoters it services have been offline. Ticketfly, which is owned by Eventbrite, was hacked before 6 AM ET Thursday and went offline with the tweet: "To protect our clients and fans, and to secure the website and related data, we have temporarily taken all Ticketfly systems offline."
Eventbrite clients appeared unaffected by the hack.
As of 7:50 AM Saturday , the sites of dozens of promoters and venues were also offline. The Ticketfly maintained sites of both IMP Promotions, a major DC area promoter, and its new flagship venues The Anthem and Merriweather Post Pavillion are still offline, as is the site of major Chicago promoter Jam Productions. Ticketfly clients include 1200 top venues and promoters, including the Bowery Ballroom, Brooklyn Bowl, Central Park SummerStage, Merriweather Post Pavilion and Pitchfork Music Festival.
Hacker Threatens More Mischief
Code left on the Ticketfly site points to the hacker group IsHaKdZ, who appears to be demanding a ransom Along with a yandex.com email address, the hackers left this message:
Ticketfly HacKeD By IsHaKdZ. Your Security Down im Not Sorry. Next time I will publish database "backstage."
UPDATE: Mashable has communicated with the hacker who shared private data that he said he would release if he was not paid a single bitcoin, currently worth about $7500. "I asked them 1 bitcoin for protection," the hacker said over email, in addition to sharing allegedly stolen files. "But I did not receive a reply from them."
Ticketfly was founded in 2008 in San Francisco. In 2013, it was acquired by Pandora in a $335 million cash and stock deal. In June of 2017, Pandora sold Ticketfly to Eventbrite for $200 million.
What's Next?
The ticketer, which has shared few details of the hack, says it does not know when it will be back online. "Unfortunately, we don’t have a specific timeline to share right now," admits Ticketfy.
A special page with updates and suggestions for its clients had been setup here.
Check back for updates.
Thank you to our valued clients and fans for your patience. We’re continuing to investigate the cyber incident and working around the clock to get our systems back up and running. Please visit https://t.co/CR9ZnPw6bC for additional information.
— Ticketfly (@ticketfly) June 1, 2018
According to the site “have I been pwned?”, Ticketfly failed to respond to the ransomware demand. As a result, over 26 MILLION unique email addresses along with names, physical addresses and phone numbers have been posted online to a publicly accessible location… including mine.
I don’t see that disclosed anywhere.