A week after its website was defaced and then taken offline, ticket-selling service Ticketfly confirmed today (June 7) that its customer database had indeed been hacked, with details of 27 million accounts purloined.
What Info Got Stolen?
The stolen information includes the names, addresses, telephone numbers and email addresses of registered Ticketfly users, including both ticket buyers and ticket sellers — the numerous nightclubs and other venues who are Ticketfly's primary clients.
Credit-card details were not stolen, the statement posted on the Ticketfly site said, and neither were passwords of registered ticket buyers, but there was a possibility that encrypted passwords of Ticketfly clients might have been.
What to Do Now
The site is forcing all registered users to change their passwords. If you're a registered user, you should also change that password everywhere else you've registered it — and you should make a strong, new password for each account from now on.
The fact that your name, phone number, email address and street address are out there isn't itself terrible. But it may result in an uptick of spam, including phishing emails and malware-laden attachments. So keep your antivirus software updated and be wary of unsolicited emails that seem too good to be true.
MORE: Best Password Managers
How Did This Happen?
On the night of May 30, an unknown person or persons calling themselves "IsHaKdZ" hijacked the Ticketfly website, replacing its front page with an image from "V for Vendetta" and declaring "Your Security Down im Not Sorry."
Ticketfly quickly took down the site, stating on Twitter that there had been a "cyber incident," and didn't bring it back online until June 2. In the meantime, people who'd bought tickets to Ticketfly-provisioned events were instructed to bring tickets printed out at home, or ticket-purchase confirmation emails and photo IDs, to venues.
Someone contacted Vice Motherboard on May 31 and claimed to be the Ticketfly hacker, adding that the site's entire customer database had been stolen. He or she provided a link to a server where the stolen data had been posted, and Motherboard confirmed that at least some of the personal data was legitimate.
The hackers also said they had tried to extort Ticketfly for one bitcoin before releasing the data.