As the Ticketfly hack – or “cyber incident” per their website – enters its second day, the company has confirmed that the incident “has resulted in the compromise of some client and customer information,” according to an update posted by the company at a support website. Ticketfly.com remains down as of Friday morning, with the company offering minimal information regarding the extent of the breach, or how many customers and clients may be exposed in the incident.

According to one report, the hacker attempted to ransom Ticketfly before releasing the data, which may include information on many thousands of customers.

For consumers holding tickets to upcoming shows, or looking for tickets to upcoming shows at venues served by the ticketing vendor, the confusion and anxiety are real. According to the message posted at Ticketfly.com, consumers should look for information about specific events on the social media accounts of the presenting venues/promoters to learn about the status of upcoming shows. “In many cases, shows are still happening and tickets may be available at the door.”

Consumers are being directed to social media for promoters because Ticketfly also provides web services for many of its clients, meaning the venue and promoter websites are also down and potentially affected by the breach. According to Hypebot.com, IMP Promotions and its new flagship venue in Washington D.C. as well as Chicago-based Jam Productions were all dark.

According to several posts on social media, the perpetrator posted “Ticketfly HacKeD By IsHaKdZ” and database/member information links on the company’s website:

ticketfly hacked

According to Vice’s Motherboard, the hacker attempted to ransom Ticketfly for one bitcoin (approximately $7,430 according to google) before going through with the action. The hacker also reportedly shared the location of the data, and the magazine deemed it to be legit.

Among them, there are several CSV spreadsheet files containing what appear to be personal details of Ticketfly customers and employees, including names, home and email addresses, and phone numbers. Each spreadsheet contains thousands of names. Motherboard is actively trying to confirm the validity of these documents, however some of the names correspond to the real names and email addresses of employees at music venues that use Ticketfly.

 

We were able to confirm the personal details of six users, which indicates the hacked data is legitimate.

Ticketfly parent company Eventbrite doesn’t appear to have been a subject of the “incident,” but that doesn’t mean the company won’t likely feel major pains as this is all resolved – likely far more than the alleged ransom amount. The company, which acquired Ticketfly from Pandora (NYSE: P) for $200 million last year will have to do major damage control, particularly if the data breach of its customers and clients was as significant as seems possible given the information we have available at this time. The long term viability of the Ticketfly brand could be seriously damaged, potentially imperiling the rumored IPO Eventbrite has been considering.

Competitors in the space are certainly looking to capitalize on the moment. EZEvent, which provides primary ticketing services for events large and small in competition with Eventbrite, reported a booming operation Thursday as event operators scrambled. “We had our biggest event creation day ever,” said managing director James Wilson. Similarly, Ticketsocket.com has been busy with its capability of creating entire venue websites to power ticketing in 24 hours.

It’s certainly possible, given the unprecedented downtime being experienced and the potential consumer nightmare of massive data exposure, that a number of other primary ticketing operators will see great gains at the expense of Eventbrite’s operation. “Consumer confidence may be shaken in Ticketfly,” Kevin Lilly, of Florida’s The Attic told the Tampa Bay Times. He has used Ticketfly exclusively for shows at his venue since 2016, but told the reporter “I may have to completely change vendors.”

For now, it’s a scramble for both Ticketfly and its parent company to fix the issue and assess the damage, and for clients with upcoming events. “In the event the system isn’t back up, [by Monday], they will mail us hard copy lists of every single person that’s purchased tickets, from Ticketfly headquarters,” Kendra Marolf of the State Theatre, also in Florida. That, of course, won’t do any good for a customer who has purchased tickets to such an event on the secondary market, or even received tickets as a gift. Such customers will “likely need all three of the following: original credit card used to purchase the ticket; a photocopy of the original buyer’s ID; and a note from the original buyer authorizing you to pick up the ticket(s),” according to Ticketfly’s FAQ.

Mobile-only events are an even bigger headache. Lilly’s staff at The Attic is encouraging ticket holders to print their Ticketfly receipts and confirmation emails and bring them to the venue in the event the system is still down.

We will provide additional updates on the ongoing Ticketfly hack saga as more information on the extent of the breach and what consumers can do to protect themselves as it becomes available.