A week after its website was defaced and then taken offline, ticket-selling service Ticketfly confirmed today (June 7) that its customer database had indeed been hacked, with details of 27 million accounts purloined.
What Info Got Stolen?
The stolen information includes the names, addresses, telephone numbers and email addresses of registered Ticketfly users, including both ticket buyers and ticket sellers — the numerous nightclubs and other venues who are Ticketfly's primary clients.
Credit-card details were not stolen, the statement posted on the Ticketfly site said, and neither were passwords of registered ticket buyers, but there was a possibility that encrypted passwords of Ticketfly clients might have been.
What to Do Now
The site is forcing all registered users to change their passwords. If you're a registered user, you should also change that password everywhere else you've registered it — and you should make a strong, new password for each account from now on.
The fact that your name, phone number, email address and street address are out there isn't itself terrible. But it may result in an uptick of spam, including phishing emails and malware-laden attachments. So keep your antivirus software updated and be wary of unsolicited emails that seem too good to be true.
MORE: Best Password Managers
How Did This Happen?
On the night of May 30, an unknown person or persons calling themselves "IsHaKdZ" hijacked the Ticketfly website, replacing its front page with an image from "V for Vendetta" and declaring "Your Security Down im Not Sorry."
Ticketfly quickly took down the site, stating on Twitter that there had been a "cyber incident," and didn't bring it back online until June 2. In the meantime, people who'd bought tickets to Ticketfly-provisioned events were instructed to bring tickets printed out at home, or ticket-purchase confirmation emails and photo IDs, to venues.
Someone contacted Vice Motherboard on May 31 and claimed to be the Ticketfly hacker, adding that the site's entire customer database had been stolen. He or she provided a link to a server where the stolen data had been posted, and Motherboard confirmed that at least some of the personal data was legitimate.
The hackers also said they had tried to extort Ticketfly for one bitcoin before releasing the data.
Best Identity Protection
Get it. IdentityForce UltraSecure+Credit is the best overall service for both credit monitoring and identity protection. It also protects your account with two-factor authentication.
It's worth it. Get LifeLock Ultimate Plus if you're very worried about having your identity stolen and you also need antivirus software. But you can get better credit monitoring for less with IdentityForce UltraSecure+Credit.
Good, but not the best. Identity Guard isn't bad, but for about the same price, IdentityForce UltraSecure+Credit offers more comprehensive personal-data and credit-file monitoring.
