Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Ticketfly website was compromised, the hacker also stole customers’ data

The website of the events ticketing company Ticketfly was shut down after a hacker who calls himself “IsHaKdZ” compromised it.  The hacker defaced the Ticketfly website with a picture of Guy Fawkes and a warning that read “Your Security Down im Not Sorry.” The attacker also published a yandex.com email account along with the following message: […]

Ticketfly hacked

The website of the events ticketing company Ticketfly was shut down after a hacker who calls himself “IsHaKdZ” compromised it. 

The hacker defaced the Ticketfly website with a picture of Guy Fawkes and a warning that read “Your Security Down im Not Sorry.” The attacker also published a yandex.com email account along with the following message:

“Ticketfly HacKeD By IsHaKdZ. Your Security Down im Not Sorry. Next time I will publish database ‘backstage’ (sic).”

The hacker also warned administrators that it has access to a database titled “backstage,” he shared links to files containing customer and client information, including names, physical addresses, phone numbers and email addresses.

Ticketfly hacked

Ticketfly, which is owned by Eventbrite, has taken down the site in response to the incident and posted a data breach notification.

“We are currently investigating a cybersecurity incident targeting Ticketfly.com that has resulted in the compromise of some client and customer information. After learning of the incident, we immediately launched an investigation, and out of an abundance of caution, we took the site down while we work to address the issue.” reads the data breach notification published by the company,

“Out of an abundance of caution, we have taken all Ticketfly systems temporarily offline as we continue to look into the issue. We are working to bring our systems back online as soon as possible,”

Everyone has purchased tickets via the Ticketfly platform will have to print them out and bring a photo ID to the venue hosting the event. Tiketfly provides printed guest lists to the venue.

People who have tickets purchased by other people may need to show the original payment card used to buy the ticket, a copy of the original buyer’s ID, and an authorization note from the original buyer.

Motherboard has spoken with the hacker who confirmed that initially attempted to contact the company to report a vulnerability in the website but without success. He asked for the payment of 1 bitcoin di disclose the issue, but without receiving reply he decided to exploit the flaw.

Motherboard confirmed the authenticity at least some of the records stored in the files leaked by the hacker.

“In an email conversation with Motherboard, the hacker claimed to have warned Ticketfly of a vulnerability that allowed him to take control of “all database” for Ticketfly and its website.” wrote Lorenzo Bicchierai on Motherboard. “The hacker said they asked for 1 bitcoin to share the details of the vulnerability but did not get a reply. The hacker shared what appears to be two emails between him and a series of Ticketfly employees in which the hacker mentions the vulnerability.”

The company confirmed that is still investigating the issue in order to determine the extent of the security breach.

“Our investigation into the incident is ongoing. We’re putting all of our resources to confirm the extent of the unauthorized access. We’re committed to communicating with all customers once we have more information about the scope of the issue,” Ticketfly told customers.” continues the notification.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – Ticketfly, data breach)

[adrotate banner=”5″]

[adrotate banner=”13″]