Ticket website for area venues hit by cyberattack

  • Northampton Academy of Music was one of the businesses that use Ticketfly, an online ticket-selling company that had data compromised in a cyberattack. File Photo

For the Recorder
Published: 6/6/2018 6:11:42 PM

NORTHAMPTON — Personal information including names, addresses, emails and phone numbers may have been compromised in a cyberattack on a ticket-selling website used by local businesses such as the Northampton Academy of Music and The Parlor Room.

The Academy sent out a notice of the cyberattack to patrons on Monday, saying that the online ticket-selling company Ticketfly had hired third-party forensic and cybersecurity experts to investigate the incident where a hacker allegedly held the website for ransom before releasing users’ personal data.

However, the Academy’s email read, “The reality is cyber incidents are unique, and the investigations typically take more time than one would like because the full picture of what happened isn’t always quick to develop.”

Academy of Music Executive Director Debra J’Anthony said that Ticketfly was hit with the cyberattack May 30, putting the Academy’s ticket sales down for two days. She said they were able to get back online in time to sell tickets for the weekend shows.

J’Anthony said that because Ticketfly uses a third party to process payments, no password or credit card information is believed to have been exposed.

“We don’t have all the information yet,” J’Anthony said.

The Parlor Room in Northampton and Gateway City Arts in Holyoke, Hawks & Reed in Greenfield also use Ticketfly, and the Pines Theater at Look Park has used Ticketfly for event tickets in the past.

A website that tracks data breaches, haveibeenpwned.com, estimates that some 26 million users’ information was compromised in the Ticketfly attack.

According to a screenshot shared on Twitter, the Ticketfly homepage was replaced Wednesday night with a depiction of the character from the movie “V for Vendetta,” along with the message “Ticketfly HacKeD By IsHaKdZ. Your Security Down im Not Sorry.”

Vice News’ Motherboard claimed to have had an email conversation last week with someone claiming to be the hacker and to have exploited a vulnerability in the Ticketfly website to take control of “all database” for Ticketfly and its website.

The alleged hacker told Motherboard they asked for 1 bitcoin (worth around $7,500 at the time) to share details about the vulnerability with the company, but after receiving no reply from Ticketfly, published the data on a public server.

Motherboard stated that it had procured CSV files allegedly posted by the hacker and said that it had verified the information of at least six people on the spreadsheet.

Ticketfly immediately shut down its website on Wednesday, May 30, to investigate the breach. As of Tuesday, the main Ticketfly website was still down, though individual venues’ ticket websites were back up as of Sunday.

“In the meantime, we encourage you to keep checking in on your favorite venue/promoters’ websites, social media channels or box offices,” a message on the site read. “Shows are on and tickets are available online and onsite.”

J’Anthony said the Academy will provide any new information about the incident as soon as it becomes available from Ticketfly.

“They and we understand the importance you place on the privacy and security of your data and we deeply regret any unauthorized access to it,” J’Anthony wrote in the notice to patrons. “They have assured us that they are taking this very seriously and are committed to providing updates as appropriate.”

Abbie Duquette, box office manager at The Parlor Room, said The Parlor Room’s website was down until Sunday and ticket sales for the venue only went back online Monday, though luckily the venue didn’t have any big shows that were affected by the downtime.

“I think they handled it well — super inconvenient to be down for a couple of days but it’s better to be safe than sorry,” Duquette said. “They made customers’ safety a priority.”

Rachel McCandlish, event manager for Gateway City Arts, said the venue’s Ticketfly website was down from Wednesday to Sunday also, but for one show during that time period, the venue relied on showgoers’ good faith assertions that they had previously bought tickets.

“We had a couple of calls from people who were confused that they couldn’t buy tickets,” McCandlish said. “But no one seemed upset.”

McCandlish said that as an extra security precaution, Ticketfly users and venues were asked to change their passwords.

A statement was posted on the Ticketfly website Tuesday regarding the attack.

“As many of you are aware, Ticketfly.com has been the target of a cyber incident. In consultation with leading third-party forensic and cybersecurity experts, we are in the process of bringing the Ticketfly ticketing system back online with the security of our clients and fans top of mind. We are grateful for the outpouring of support our community has shown us while we continue to work through this cyber incident, and appreciate your continued patience as we bring the systems back online.”

Greenfield Recorder

14 Hope Street
Greenfield, MA 01302-1367
Phone: (413) 772-0261
Fax: (413) 772-2906


Copyright © 2021 by Newspapers of Massachusetts, Inc.
Terms & Conditions - Privacy Policy