Ticketfly suffered a major security breach Wednesday that has stretched in to Thursday morning, forcing the company to take the ticketing service offline, leaving thousands of clients temporarily unable to sell tickets to their events.
“Following a series of recent issues with Ticketfly properties, we’ve determined that Ticketfly.com has been the target of a cyber incident,” a Ticketfly spokesperson told Amplify in a statement. “Out of an abundance of caution, we have taken all Ticketfly systems temporarily offline as we continue to look into the issue. We realize the gravity of this decision, but the security of client and customer data is our top priority. We are working tirelessly to get our clients back up and running.”
Ticketfly’s website, blog and supporting sites are all offline, as are the ticketing sales queues for the thousands of events and independent promoters who use Ticketfly including big-time indies like Seth Hurwitz, Peter Shapiro from Brooklyn Bowl and Jerry Mickleson from Jam in Chicago.
It’s unclear when the hack took place, but users started noticing something was wrong with the Ticketfly site late last night around 9 pm PST. Ticketfly’s home page was defaced by a hacker calling themselves Ishakdz with a picture of fictional character Guy Fawkes and an ominous warning “Your Security Down im Not Sorry.”
On the site, the hacker is claiming to have access to Ticketfly’s “backstage” database which one Ticketfly insider is telling Amplify stores client information for the thousands of venues, promoters and festivals that use Ticketfly.
“It’s where clients perform all their work building events, setting prices, etc,” our source says. When asked if credit card info could be stored in the database, our source said “absolutely but hopefully those would be cordoned off and encrypted.”
Engineers with Ticketfly including founder Andrew Dreskin were up all night trying to contain the hack, which might have started with a hack of Ticketfly’s WordPress blog, which the hacker allegedly downloaded and posted on the hacked Ticketfly site, alongside files allegedly linking to information about Ticketfly “members” — it’s unclear what “members” means, and the vandalized site’s front page has since been removed. It’s unclear if the potentially stolen and sensitive information will be posted on another site, like Wikileaks.
Stay tuned for more updates and we continue to follow this story.