Buying tickets to a concert is supposed to bring forth anticipation of joy, not stress. But that's exactly what some concertgoers may be facing after Ticketfly, the Eventbrite-owned indie ticketing service, went offline on May 31 following an announcement that the company had been the target of a "cyber incident." In other words, the site was hacked.
"Following a series of recent issues with Ticketfly properties, we've determined that Ticketfly.com has been the target of a cyber incident," reads a message on the Ticketfly site. "Out of an abundance of caution, we have taken all Ticketfly systems temporarily offline as we continue to look into the issue. We realize the gravity of this decision, but the security of client and customer data is our top priority. We are working tirelessly to get our clients back up and running."
Here's What Happened
Users of the site noticed something awry around midnight EDT on May 31, when the homepage featured a picture of the fictional character Guy Fawkes and a message from a hacker group called "Ishakdz" reading "Your Security Down I'm Not Sorry."
Check the homepage. pic.twitter.com/KPDu6PsjIJ— Michael Stenberg (@MichaelStenberg) May 31, 2018
The hackers claimed to access Ticketfly backstage database that stores client information for thousands of venues and promoters that work with Ticketfly. A source from Ticketfly told Billboard.com that the database is "where clients perform all their work building events, setting prices, etc." The source also said that credit card information could be in that database, though "hopefully those would be cordoned off and encrypted."
Shortly after the cyber attack, Ticketfly took the website offline. There is a web page providing scant details about the incident at ticketf.ly/update. The company has not released information about what data was compromised, or when the site will be back online.
"Our investigation into the incident is ongoing. We're putting all of our resources to confirm the extent of the unauthorized access. We're committed to communicating with all customers once we have more information about the scope of the issue," the company says on its support page. "We deeply regret the inconvenience caused by this incident and are working around the clock to resolve the issue and get all Ticketfly systems back up and running." The website was back online this morning (June 2).
What to Do If You've Bought Tickets Through Ticketfly
The company has not specified what data has been compromised but if you've bought tickets through the site, it's smart to take precautions now.
1. Change Your Passwords
If you had an account at Ticketfly.com using your email address and a password, make sure you're not using that same password on other accounts. If you are, update your passwords on the other sites immediately.
2. Monitor Your Credit Card Accounts
Ticketfly has not released information about credit or debit card numbers being breached, but it's always better to be safe than sorry. Set up text or email alerts on your credit or debit cards so you get a notification whenever the cards are used. You may also want to comb through recent statements for suspicious activity. Be sure to report any fraudulent charges immediately. Read more here about what to do if your credit card is part of a data breach.
3. Consider Changing Your Card Numbers
Out of an abundance of caution, you may want to request that your card issuer change the account numbers on your current cards if they're stored in your Ticketfly account. The process is simple—just call the issuer and explain that you want a new card with a number and PIN if you need it. You have a right to get your account numbers changed, free of charge.
4. Monitor your credit.
While little is yet known about what information has been compromised in this security breach, the truth is that you'll want to remain vigilant about monitoring your credit reports. If you're worried about fraud, you can file a free initial security alert that is active on your account for 90 days at the Experian fraud center. (The bureaus are legally required to share such alerts with the other two counterparts, so you don't need to file it with all three.) This notifies lenders pulling your credit to take extra steps to verify your identity, but it does not block access to your credit report altogether.
If you're looking for additional protection, you might consider freezing your credit, which will prevent lenders from extending new credit in your name altogether. Credit freezes typically cost $10, though they can be up to $20. Remember, you also have to pay to unfreeze your credit if you need to apply for credit in your name, as well. (President Trump recently signed a bill that makes credit freezes free, but it won't go into effect until later this year.)
Read here for more details on what to do after a data breach.
Editorial Disclaimer: Opinions expressed here are author's alone, not those of any bank, credit card issuer or other company, and have not been reviewed, approved or otherwise endorsed by any of these entities. All information, including rates and fees, are accurate as of the date of publication.
This article was originally published on June 2, 2018, and has been updated.