Ticketfly data breach (2018) — what was exposed and what to do

What happened

According to public breach records, the Ticketfly data breach on May 31, 2018 is reported to have exposed the personal information of 26,151,608 accounts.

In May 2018, the website for the ticket distribution service Ticketfly was defaced by an attacker and was subsequently taken offline. The attacker allegedly requested a ransom to share details of the vulnerability with Ticketfly but did not receive a reply and subsequently posted the breached data online to a publicly accessible location. The data included over 26 million unique email addresses along with names, physical addresses and phone numbers. Whilst there were no passwords in the publicly leaked data, Ticketfly later issued an incident update and stated that "It is possible, however, that hashed values of password credentials could have been accessed".

In late May 2018, a hacker using the alias "IsHaKdZ" exploited a vulnerability in Ticketfly's WordPress-based assets, defaced the company's homepage (with an image of "V" from V for Vendetta), and forced the Eventbrite-owned ticketing service offline. The attacker reportedly demanded 1 bitcoin to disclose the flaw; after the company did not pay, a database containing over 26 million unique customer and employee records was posted to a publicly accessible location. The leaked data included email addresses, names, physical/billing addresses, and phone numbers; plaintext passwords and credit card details were not in the public dump, though Ticketfly stated hashed password values could possibly have been accessed. ["Be alert for targeted phishing and scam calls that reference your name, home address, or phone number to appear legitimate, since this leak tied those details to your email.", "If you reused your Ticketfly password anywhere else, change it on those accounts and enable two-factor authentication, as hashed password values may have been accessed.", "Treat unsolicited messages mentioning concerts, ticket refunds, or account verification with suspicion, and never click links or share payment details from them.", "Consider filtering or being cautious with mail and calls to the exposed address and phone number, which can be used for physical-mail scams or smishing."]

What data was exposed

The following types of personal data were compromised:

• Email addresses
• Names
• Phone numbers
• Physical addresses

Breach details

This summary is compiled from public breach-notification data and known leak databases. Figures reflect what those sources report and may be revised as more is learned. If something here looks wrong or you think your information is involved, contact our support team.

We report breaches as a factual record to help people check their exposure. Inclusion here is not an allegation of wrongdoing or negligence by Ticketfly; it reflects a publicly reported security incident.

What to do now

Based on the data exposed in this breach, here are the steps you should take:

• Be alert for targeted phishing and scam calls that reference your name, home address, or phone number to appear legitimate, since this leak tied those details to your email.
• If you reused your Ticketfly password anywhere else, change it on those accounts and enable two-factor authentication, as hashed password values may have been accessed.
• Treat unsolicited messages mentioning concerts, ticket refunds, or account verification with suspicion, and never click links or share payment details from them.
• Consider filtering or being cautious with mail and calls to the exposed address and phone number, which can be used for physical-mail scams or smishing.

Check your exposure

Data breaches are one of the ways your personal information ends up on data broker sites. Run a free scan to see which sites are exposing your personal data — and take action to remove it.

Sources

• 26 Million Users Hit by Ticketfly Hack - SecurityWeek
• Have I Been Pwned: Ticketfly Data Breach