Ticketfly hacked does it affect you?On May 31, news broke about a data breach affecting prominent indie-focused ticketing service Ticketfly. While the company hasn’t released an exact number of impacted users, security expert Troy Hunt found several database files on a public server containing over 26 million Tickeyfly users’ email addresses. The ticketing service also verified that many users’ names, phone numbers and home and billing addresses were compromised as well. If you or anyone in your family use Ticketfly, keep reading to learn more about this breach and what you can do to protect yourself.

What happened?

Sometime on the evening of Wednesday, May 30, a hacker going by the name IsHaKdZ vandalized Ticketfly’s home page, leaving a message claiming they had hacked the site. The message included an email address as well as claims that they had access to a database referred to as “backstage.” Below IsHaKdZ’s message were links to the databases they’d already compromised. Other sites managed by Ticketfly, including Promoter, Pulse and Fanbase (aka Top Fans), were also compromised with their page titles and descriptions displaying IsHaKdZ’s message. IsHaKdZ claims to have exploited a vulnerability present in Ticketfly’s infrastructure, one that he purportedly offered to disclose to Ticketfly for one bitcoin prior to hijacking the site after Ticketfly ignored him. Ticketfly engineers have since been working tirelessly on addressing the damage caused by the hack and investigating its scope and extent. After closing the site for several days, it still appears to be down, though parts of it are back online and have presumably been made more secure.

What information was impacted by the hack?

Ticketfly is still conducting its own investigation and has been somewhat tight-lipped about details; however, thanks to the work of Motherboard and security researcher Troy Hunt, we now know at least 26,151,608 unique email addresses and their corresponding credentials were compromised. As noted above, the stolen data namely includes names, phone numbers as well as home and mailing addresses — luckily, credit card information was not included with the data. The breach affected not only Ticketfly customers, but it also impacted Ticketfly clients, the companies, venues or promotors who host events, as well. Ticketfly’s parent company, Eventbrite, claims that it has not been impacted by the breach.

What should I do?

While Ticketfly has acknowledged that they’ve been hacked, unfortunately without many official details, it’s unclear what restitution, if any, will be made available for potential victims. If you’re curious about whether or not the breach affected you, the first thing you can do is to go to Troy Hunt’s website https://haveibeenpwned.com and enter your email address to see if you’ve been compromised in the breach, as the site provides consumers with a custom list of breaches they may have been impacted by. That said, regardless of what you find, if you’ve ever used Ticketfly, it might be best to operate under the assumption that your information has been compromised. It’s unclear what IsHaKdZ or anyone who might have accessed the exposed databases IsHaKdZ linked to intends to do with the data, but presumably, this information will find its way onto the dark web. Unfortunately, it’s very likely that your data has already wound up there after years of headline dominating hacks. Still, that doesn’t make this occurrence any less severe. In addition, you’ll also want to change your password for not only your Ticketfly account, but also for all of your online accounts, as you can never be too safe.

On top of that, you’ll want to keep an eye on your financial accounts. While financial information was not exposed in the Ticketfly hack, some of the personal information leaked, like addresses, phone numbers and names, can be used in social engineering scams, especially when you consider what other information may be living on the dark web as a result of other breaches, like the Equifax breach. If you want an extra set of eyes on your side, consider signing up for an identity theft protection service. These services monitor for your personal information on black market websites and alert you if anything is spotted, allowing you to stay in the know and notify the proper parties that your identity is vulnerable. Our top-rated services also monitor all three credit reports and provide you with added tools and information about protecting your identity.

How to move forward from this and similar hacks

By now, most of us know that major data breaches are just part and parcel of our online experience. That’s why, as depressing as it sounds, we have to live like we know our data has been (or will be) breached. In addition to making cybersecurity the center of your online life, you also need to clean out your devices and accounts and be more cautious online. Some suggest using alternate email addresses for sites you don’t trust, or for websites that you don’t intend to use often. Alternatively, after using services where you sign up to make a one-time purchase, you can simply provide partial or incomplete information or delete your account once you’ve purchased the item or service you wanted.

The Ticketfly story is still developing, and if you want to keep up with this story and other data breach news, follow our data breach blog.