Ticketfly, the indie-focused ticketing service that last year was purchased by Eventbrite, has fallen victim to what it describes as a "cyber incident" and has temporarily shut itself down. The company, which handles ticketing for events like Celebrate Brooklyn and Riot Fest, confirmed the hack to Billboard on Thursday morning.
"Following a series of recent issues with Ticketfly properties, we’ve determined that Ticketfly.com has been the target of a cyber incident," according to a Ticketfly spokesperson. "Out of an abundance of caution, we have taken all Ticketfly systems temporarily offline as we continue to look into the issue. We realize the gravity of this decision, but the security of client and customer data is our top priority. We are working tirelessly to get our clients back up and running."
Visiting the Ticketfly site now surfaces the message, "All Ticketfly and related systems are temporarily offline. Please check back for updates" and attempting to purchase tickets on the websites for individual concerts or festivals (such as Riot Fest, which just announced its lineup) leads to a "404 Not Found" error.
It’s unclear when the hack took place, but users started noticing something was wrong with the Ticketfly site late last night around 9 p.m. PST. Ticketfly’s home page was defaced by a hacker calling themselves Ishakdz with a picture of fictional character Guy Fawkes and an ominous warning “Your Security Down im Not Sorry.”
On the site, the hacker is claiming to have access to Ticketfly’s "backstage" database which one Ticketfly insider is telling Billboard stores client information for the thousands of venues, promoters and festivals that use Ticketfly.
"It's where clients perform all their work building events, setting prices, etc," our source says. When asked if credit card info could be stored in the database, our source said "absolutely but hopefully those would be cordoned off and encrypted."
Engineers with Ticketfly, including founder Andrew Dreskin, were up all night trying to contain the intrusion, which might have started with a hack of Ticketfly’s Wordpress blog, which the hacker allegedly downloaded and posted on the Ticketfly site, alongside files allegedly linking to information about Ticketfly "members." It's unclear what "members" means, and the site vandalized site front page was removed after Ticketfly employees took the entire site offline. It's unclear if the potentially stolen and sensitive information will be posted on another site, like Wikileaks.
Once competitors, Eventbrite purchased Ticketfly from Pandora for $200 in a sale that closed in early September 2017. At the time, the combined company projected they will do $4 billion in global ticket sales annually, selling 2 to 3 million tickets per week to consumers in 180 countries.
The functionality of Eventbrite.com appears in tact as of Thursday morning and a tweet from the company stated the "issues impacting our Ticketfly family are not affecting events or ticket sales on the Eventbrite platform in any way."
Following recent site issues, we determined that Ticketfly has been the target of a cyber incident. To protect our clients and fans, and to secure the website and related data, we have temporarily taken all Ticketfly systems offline. We’ll keep you updated.— Ticketfly (@ticketfly) May 31, 2018