Users’ names, phone numbers, addresses and email addresses connected to the accounts were accessed in the hack, but financial information like credit and debit card numbers were not, according to Eventbrite, the San Francisco-based company that owns Ticketfly.
During the past week, the company has slowly reintroduced aspects of its website.
The breach occurred last Thursday, when a hacker using the handle IsHaKdZ replaced the website’s homepage with an image of the character V from the 2005 film “V for Vendetta.” The character is a British anarchist who wears a Guy Fawkes mask and violently protests the fascist government in a fictional portrayal of Britain.
Under this image was the hacker’s email address and a message: “Your Security Down im Not Sorry. Next time I will publish database ‘backstage.’ ”
The breach caused headaches for venues across the country that primarily rely on digital ticketing.
“Due to the current Ticketfly outage, we ask that you please print your tickets if possible,” the 9:30 Club, the concert venue in Washington, tweeted Friday. “For those with will call tickets, please head to our box office. Tickets will be available at the door! Thank you for your patience.”
Space Gallery, an arts venue in Portland, Maine, had to sell tickets at the door for a concert by Chicago multi-instrumentalist Nnamdi Ogbonnaya.
The primary fear for users involved in any major data breach is the idea that a hacker could use their information to commit identity fraud or to access their financial institutions. Troy Hunt, who runs the Have I Been Pwned? website, told the Associated Press this breach is not as dire as some, because IsHaKdZ did not take passwords.
In a conversation with Mashable, the hacker claimed to have warned Ticketfly of a vulnerability on its website and requested a ransom to fix it.
“[Yes] i asked them 1 bitcoin for protection. But I did not receive a reply from them,” the hacker told Mashable. The hacker also shared with the media outlet a large directory of spreadsheet files that seemed to contain personal data for Ticketfly customers and employees. Mashable said it confirmed some of the data was authentic.