27 Million Ticketfly Accounts Hacked: What You Should Do
Ticket-selling service Ticketfly said data on 27 million accounts had been stolen, including names, phone numbers and email addresses.
A week after its website was defaced and then taken offline, ticket-selling service Ticketfly confirmed today (June 7) that its customer database had indeed been hacked, with details of 27 million accounts purloined.
What Info Got Stolen?
The stolen information includes the names, addresses, telephone numbers and email addresses of registered Ticketfly users, including both ticket buyers and ticket sellers — the numerous nightclubs and other venues who are Ticketfly's primary clients.
Credit-card details were not stolen, the statement posted on the Ticketfly site said, and neither were passwords of registered ticket buyers, but there was a possibility that encrypted passwords of Ticketfly clients might have been.
What to Do Now
The site is forcing all registered users to change their passwords. If you're a registered user, you should also change that password everywhere else you've registered it — and you should make a strong, new password for each account from now on.
The fact that your name, phone number, email address and street address are out there isn't itself terrible. But it may result in an uptick of spam, including phishing emails and malware-laden attachments. So keep your antivirus software updated and be wary of unsolicited emails that seem too good to be true.
Sign up to get the BEST of Tom's Guide direct to your inbox.
Get instant access to breaking news, the hottest reviews, great deals and helpful tips.
MORE: Best Password Managers
How Did This Happen?
On the night of May 30, an unknown person or persons calling themselves "IsHaKdZ" hijacked the Ticketfly website, replacing its front page with an image from "V for Vendetta" and declaring "Your Security Down im Not Sorry."
Ticketfly quickly took down the site, stating on Twitter that there had been a "cyber incident," and didn't bring it back online until June 2. In the meantime, people who'd bought tickets to Ticketfly-provisioned events were instructed to bring tickets printed out at home, or ticket-purchase confirmation emails and photo IDs, to venues.
Someone contacted Vice Motherboard on May 31 and claimed to be the Ticketfly hacker, adding that the site's entire customer database had been stolen. He or she provided a link to a server where the stolen data had been posted, and Motherboard confirmed that at least some of the personal data was legitimate.
The hackers also said they had tried to extort Ticketfly for one bitcoin before releasing the data.
Best Identity Protection
Best Overall
Get it. IdentityForce UltraSecure+Credit is the best overall service for both credit monitoring and identity protection. It also protects your account with two-factor authentication.
Best Data Monitoring
It's worth it. Get LifeLock Ultimate Plus if you're very worried about having your identity stolen and you also need antivirus software. But you can get better credit monitoring for less with IdentityForce UltraSecure+Credit.
Best Tools
Good, but not the best. Identity Guard isn't bad, but for about the same price, IdentityForce UltraSecure+Credit offers more comprehensive personal-data and credit-file monitoring.
Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.