Cyber Security Jobs

Ticketfly Breach

Although summer has not officially begun, it feels like it is already. Toronto, my hometown, has been experiencing scorching temperatures for the last few weeks. My boyfriend is a huge music lover and has taken me to an outdoor Slayer concert. This is their last tour, and it seems to be a huge deal for metal fans. In the next few months, we will be seeing Brujeria (Jay’s preference), Marilyn Manson (my preference), and Rob Zombie. We’re not the only ones planning to see live music this year, I’m sure. To attend a concert, the first step is to purchase tickets. These days you can do this online. Ticketfly is currently unavailable.

Comodo’s Shaw Unib Shaida made a video explaining the Ticketfly data breach.

Yes, Ticketfly, a ticket seller, has been the victim of a data leak. Will this be the Data Breach of the Summer?

Ticketfly’s website was vandalized by an attacker who goes by “IshAkDz.” They wrote:

“Your security down, you’re not sorry. Next time, I will publish the database.”

The cyber attacker may have access to over 4,000 spreadsheets that contain the names, addresses, street addresses, and phone numbers of customers who purchased tickets from Ticketfly. “IshAkDz” told a media outlet that they had contacted Ticketfly many times but had not received a reply. To undo their attack, they are asking for one bitcoin. This is currently worth USD 75,544.

Ticketfly is down

A Ticketfly spokesperson said:

“Ticketfly.com was the victim of a cyber attack after several issues with Ticketfly properties. We have temporarily taken all Ticketfly systems offline while we investigate the problem. While we are aware of the seriousness of the situation, the security of customer and client data is our number one priority. We will continue to work tirelessly to help our clients get back on track.”

The website of Eventbrite, Ticketfly’s parent company, has not gone down. Ticketfly’s website was down at 6 AM Eastern Standard Time on May 31, 2013. It is not yet known when it will come back online.

Andrew Dreskin, the founder of Ticketfly, is one of those who have been working tirelessly to restore the website since Wednesday. Their WordPress blog is suspected to have been the first attack vector. “IshAkDz” is thought to have downloaded the contents of the WordPress website and uploaded it to the hijacked main Ticketfly site.

Security vulnerabilities exist for all websites, web apps, and CMSes. Some CMS-based websites are more secure than others. It all depends on the configuration of the web server and the CMS. Many popular CMSes like WordPress, Joomla, or Drupal use MySQL or PostgreSQL backends to generate dynamic web pages with PHP. A lot of the CMS website security hardening process entails securing the database it runs on.

SQL injection is a popular way to penetrate these websites. It involves entering code into web form fields: instead of the string the form expects, such as “Kim Crawley”, the attacker enters code. This may enable a cyber attacker to escalate privileges and gain administrative access to the site. SQL injection can be used to do other malicious things to a website too, but an attacker will use it to gain administrative access. There are many ways to security harden WordPress-based websites, and WordPress has a handy guide you can start with. Web applications and websites should be periodically purged.
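To make the form-field scenario above concrete, here is an added example (not code from Ticketfly, WordPress, or the original post) that runs the same lookup two ways: with the form input concatenated into the SQL text, and with it passed as a bound parameter. It uses Python with an in-memory SQLite database instead of PHP and MySQL so it runs offline; the `customers` table, its rows, and all function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data: a hypothetical customers table for a ticket site.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (name TEXT, email TEXT)")
    db.executemany(
        "INSERT INTO customers VALUES (?, ?)",
        [
            ("Kim Crawley", "kim@example.com"),
            ("Pat O'Brien", "pat@example.com"),
            ("Site Admin", "admin@example.com"),
        ],
    )
    return db

def lookup_vulnerable(db, name):
    # Form input is pasted into the SQL text, so quotes in it change the query.
    sql = "SELECT name, email FROM customers WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def lookup_parameterized(db, name):
    # The driver passes the input as a bound value; it is never parsed as SQL.
    return db.execute(
        "SELECT name, email FROM customers WHERE name = ?", (name,)
    ).fetchall()

def compare(db, form_input):
    """Return (concatenated_result, parameterized_result) for one form input."""
    try:
        weak = lookup_vulnerable(db, form_input)
    except sqlite3.OperationalError as exc:
        weak = "SQL error: " + str(exc)
    return weak, lookup_parameterized(db, form_input)

if __name__ == "__main__":
    db = make_db()
    # Expected input, a legitimate name with an apostrophe, and input that is code.
    for form_input in ("Kim Crawley", "Pat O'Brien", "x' OR '1'='1"):
        weak, safe = compare(db, form_input)
        print(repr(form_input))
        print("  concatenated :", weak)
        print("  parameterized:", safe)
```

The concatenated query returns every row for the third input and fails outright on the legitimate name containing an apostrophe, while the parameterized query treats both as plain strings.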

I am just speculating on what might have happened to Ticketfly’s website and what Ticketfly could have done to prevent the breach from ever happening. In the coming days, more information may become available.

Ticketfly’s website is an e-commerce site. Therefore, financial transaction data flows through their web servers. Security is especially important for e-commerce sites, as financial data can be very sensitive. It does not appear that “IshAkDz” has acquired any credit or financial data. Ticketfly should have segmented their e-commerce website from the ones which were attacked.

Ticketfly’s website operations should be restored quickly. As showbiz people say, “The show must go on!”