When I learned that Ticketfly was introducing two-step authentication, I couldn’t help but think of a similar security incident we faced at Amplify just days before the Ticketfly hack.
I have no evidence that the two are related, but the similarities are striking. Beginning on May 26, someone attempted to breach our site by utilizing a known security flaw in WordPress. They made between 300 and 400 attempts to break into the site over a period of three days. Our security log showed that the hacker was using a VPN to protect their IP address, making it impossible to pinpoint the country of origin of the attack.
The hacker’s approach was not particularly sophisticated — they essentially were trying to log in with the username Admin and then simply guessing passwords until our site timed them out. The hacker never breached our site or accessed any confidential information, but we did implement some additional security parameters, including two-step authentication to log in to our site from an unknown IP address. This technology is widely used by sites like Google, Facebook and most financial institutions.
The announcement by Ticketfly that they would move to a two-step authentication process caught my attention. We know through our reporting that the historic breach likely occurred because of a security flaw in WordPress. We have no evidence that the attack on Amplify was related to the attack on Ticketfly, but the timing and similarities certainly are striking.