Ticketfly Cyber Incident Information
Last Updated -
In late May 2018, Ticketfly was the target of a malicious cyber attack. This page originally served as a place for Ticketfly to notify clients and fans of details of the investigation as they unfolded, including information about what personal data was accessed as a result of the attack. Now this page contains an overview of what happened. We are sorry this incident occurred.
- On May 30, 2018, we discovered unauthorized access to the Ticketfly platform.
- We take privacy and security very seriously and upon first learning about this incident, took swift action to secure the data of our clients and fans. This included making the difficult decision to temporarily take all Ticketfly systems offline while consulting with third-party forensic cybersecurity experts and vigorously investigating the incident.
- As soon as we had confidence that we could bring the Ticketfly ticketing systems and websites back online safely and securely, we began the work to do so.
- The Ticketfly ticketing system and all websites have now been fully restored.
- We forced a precautionary password reset for all ticket buyers and clients prior to bringing our systems back online.
- We completed a comprehensive review of our security protocols.
- We put in place an application firewall designed to provide an additional layer of security.
- We are in the process of implementing two-factor authentication for our clients.
FAQs about the cyber incident and accessed data
What data was accessed through this cyber incident?
Information accessed includes names, addresses, email addresses and phone numbers connected to Ticketfly accounts. No credit and debit card information was accessed.
What about passwords?
Passwords for Ticketfly ticket buyers were not accessed. As a precautionary measure, we forced a reset for all passwords for both ticket buyers and Ticketfly venue/promoter clients before we brought the system back online the morning of Saturday, June 2, 2018. There is no further action ticket buyers or Ticketfly clients need to take.
For Ticketfly venue/promoter clients (who are all within the US and Canada), we have no evidence that passwords were accessed. It is possible, however, that hashed values of client password credentials could have been accessed. Hashing is a way of scrambling a piece of data, making it generally incomprehensible. As a precautionary measure, in addition to resetting their password on our site, we also recommend that Ticketfly clients reset any other account that uses any of their Ticketfly credentials.
How did this happen and what more can you share about the incident?
We understand there is curiosity as to who perpetrated this attack, and how. Unfortunately, we are limited in what specific details we can share. We can convey that our enhanced security measures are intended to help make sure this does not happen again.
Does the security risk from this intrusion continue to exist?
We have no reason to believe the security risk from this intrusion currently exists in light of the enhanced security measures described above.
What about my Ticketfly-powered website?
All Ticketfly-powered venue and promoter websites are now back online.
Did you find this article helpful?