Eventbrite-owned ticket distribution service Ticketfly has taken its website offline today after a hacker defaced its front page and stole part of its customer database.
The hack took place late last night (US time zones), on May 30. At that time, users trying to purchase tickets reported that the Ticketfly website was showing a defacement message with the now infamous "V for Vendetta" character, the symbol of the Anonymous hacker collective.
"Ticketfly HacKeD By IsHaKdZ," read the website, and "Your Security Down im Not Sorry."
Ticketfly admins did eventually discover the hack, but before they took down the defacement message and put the site in maintenance mode, a user noticed that many CSV files containing user data were also freely accessible via one of the site's URLs.
"I sent an email yesterday reporting that the ticketfly website was hacked. All of the user data and site is completely downloadable. They need to come clean on the fact that your data was compromised and still is downloadable at this very moment! #ticketfly #cybercrime #wordpress pic.twitter.com/Ur0AsZpDij" — Michael Villado (@mvillado), May 31, 2018
"Following a series of recent issues with Ticketfly properties, we've determined that Ticketfly has been the target of a cyber incident," the message now available on Ticketfly's homepage reads.
"Out of an abundance of caution, we have taken all Ticketfly systems temporarily offline as we continue to look into the issue. We are working to bring our systems back online as soon as possible. Please check back later."
The site's abrupt downtime caused issues with bars and event organizers selling tickets through the Ticketfly service. Users can't buy tickets either, as all Ticketfly servers are now down.
"There is a nationwide Ticketfly outage which affects our ability to sell tickets both online and at our box offices. We hope to be back up and running shortly. (5/31 9:21 am)" — Union Transfer (@UnionTransfer), May 31, 2018
The hacker behind the Ticketfly defacement and database theft is named IsHaKdZ. Zone-H, a website that archives site defacements, includes entries attributed to this nickname going back as far as 2010, although it is unclear whether it's the same hacker or someone who is misusing an older pseudonym.
IsHaKdZ also left an email address on the defaced website, but the hacker did not respond to a request for comment on the hack before this article's publication.
But the hacker did reply to a CNET reporter, revealing that he asked Ticketfly to pay a 1 Bitcoin ransom to not release the site's data online. Ticketfly did not confirm the ransom demand.
UPDATE [June 3, 05:15 ET]: Ticketfly is still down. The company has published a page with more information. In the meantime, the size of the leaked data has been revealed to be over 26 million user accounts.