By Drew M. Smith
Ticketfly, one of the world’s largest ticket selling and exchange websites was brought down due to a hacker on June 1st. Only recently has this site been restored to full functionality. For over a week, the website had many of its major features shut down and caused multiple headaches for those venues that rely on the service to sell their tickets.
The way this breach happened has the hallmarks of cyber extortion virus mixed with phishing. The hacker identified as IShAkDz emailed Ticketfly’s owners and warned them if they didn’t pay a single bitcon, they would take down the site. When they refused to pay, the hacker took over the site and replaced it with an image of a fictional anarchist, saying “Your Security Down im Not Sorry. Next time I will publish database ‘backstage.’ This implied and later confirmed that it was the database of the various users and promoters was compromised. The threat being the usernames would be placed on the black market like many other notable hacks. Supposedly, the hacker was warning Ticketfly of a vulnerability, but without the payment, he went through with it.1
What makes this hack dangerous was the fact it took down Ticketfly for five days, only restoring partial service on June 7th. The implications of this can’t be understated. If a website is taken down for an hour, it can cost companies thousands of dollars. Five days would certainly cause serious damage. With 26 million user names and records compromised, a hack such as this would scare many into rethinking their security plan.
To combat this, all your computers need to be kept up to date as newer patches might fix older vulnerabilities. Don’t open suspicious emails and inform whoever works with your IT. If you are hacked, your cyber coverage should be structured to cover any associated costs.
For more information on Cyber Liability Insurance, click here.