So just how bad is the unprecedented “cyber incident” that has pushed Ticketfly into Day Two of the company’s worst crisis in its ten-year history?
We don’t know, but based on the evidence, there’s plenty to be concerned about. Ticketfly is still offline, which is bad news for the thousands of venues, promoters and festivals who can’t sell tickets to their events and are scrambling to find ways to let people in and out of their venues during a busy summer weekend.
There’s also the threat that the person who took responsibility for the attack is going to release troves of confidential information stolen from Ticketfly, everything from customer databases to Ticketfly reports showing confidential details about how promoters on the Ticketfly platform conduct their business. Ticketfly isn’t saying anything about what information has been compromised, or providing many details about their progress bringing the platform online, besides acknowledging that engineers and key staff are working around the clock to contain the disaster.
And of course there’s questions about what the long-term damage from the hack means for the Ticketfly brand, or what kind of damage, if any has been done to their technology infrastructure.
For now, the long-term implications of what seems like the most consequential cyber attack in the history of ticketing must take a backseat to day-to-day efforts to keep the music industry running without one of its most important pieces of infrastructure.
“The shows aren’t going to stop — music clubs are war-ready,” said James Moody with the Mohawk in Austin, Texas, which uses Eventbrite, a San Francisco ticketing company that purchased Ticketfly from Pandora last year.
Moody said clubs around Austin, and the rest of the country, are searching for workarounds — venues are printing out lists of ticket buyers and trying to match fan IDs and credit cards with names and buyer information. Ticketfly also powers the websites of many of its venue clients, like Cain’s Ballroom in Tulsa, Oklahoma, which is forcing club owners to turn to social media to try and communicate with fans. Simple tasks like emailing ticket-buyers with show information and updates on the “cyber incident” require a series of complicated work-arounds or can’t be done at all.
Because Ticketfly is owned by Eventbrite, many festival clients can simply switch to Eventbrite to sell inventory while Ticketfly works through the crisis. Chicago’s Riot Fest is now selling tickets to its event through Eventbrite, while Chicago’s Jam Productions is also making the move over to Eventbrite for some its events while the dust settles (although the outage has also taken down its website, replaced by a temporary page).
The fact that Ticketfly now powers so many websites, as well as mobile ticketing applications and marketing and reporting systems begs the question of whether the company has become “too big to fail” and could mean it takes that much longer to turn the system back on and get everything back up and running.
Will there be long-term damage for the Ticketfly brand? Of course — we’re still a long way from understanding what happened, what’s compromised and who’s to blame, but being the victim of one of the most disruptive cyber attacks in the history of the music business isn’t something you include in a sales deck.
That said, the sale of the company last year to Eventbrite actually protects Ticketfly’s most valuable assets — namely their clients. Sure the technology Ticketfly spent millions developing now has an asterisk next to it, but the long-term play for Eventbrite following the sale was to continue to build the business around the Eventbrite platform and lead with their own technology, which has largely been unaffected by the hack.
Most importantly, after Ticketfly pacifies the crisis, it’s going to be absolutely critical that they provide a full accounting of how a hacker was able to gain access to the platform, causing a multi-day shutdown of their system, and detail what private information was compromised and provide those affected with assistance protecting their privacy.
What if the hacker really does have Ticketfly’s “backstage” database detailing the ticketing company’s client information and posts it on a site like Wikileaks? Would it be ethical to access and review that information to get a competitive advantage over another promoter or to bid against Ticketfly?
The answer is definitely no. There will be a more appropriate time to discuss the ethical implications of benefitting from ill gotten goods, but obviously it’s wrong to take advantage of someone’s misfortune, even if you are at odds with that person/company. Will that stop people from seizing upon the information and potentially using it against the victims? Of course not — ticketing is an extremely competitive place and there is a ton of pressure to sign clients. And some people will do just about anything to get a win on the board.