Summer has yet to officially start, but to me it feels like it’s begun already. My hometown of Toronto has been experiencing sweltering temperatures for the past couple of weeks. My boyfriend is an avid music fan and he has already taken me to an outdoor Slayer concert. (This is their last tour and apparently it’s a big deal to metal fans.) Within the next few months, we’ll be seeing Brujeria, Marilyn Manson, and Rob Zombie (Jay’s preference), and Steely Dan (my preference.) I know we’re not alone, and possibly millions of people are planning to see live music this summer. The first step to attending a concert is to buy tickets for it, and these days people usually do that online. Well, you can’t use Ticketfly’s website at the moment.
Comodo’s own Shaw Unib Shaida has a video which explains the Ticketfly data breach in a nutshell.
Yep, ticket seller Ticketfly is the victim of a data breach. Will this be the Summer of the Data Breach?
Ticketfly’s website was vandalized by an attacker who goes by “IshAkDz.” They wrote:
“Your security down, I’m not sorry. Next time I will publish database.”
There are indications that the cyber attacker possesses a database with over 4,000 spreadsheets which contain names, email addresses, phone numbers, and street addresses of customers who have purchased tickets from Ticketfly. “IshAkDz” told a media outlet that they contacted Ticketfly several times and has yet to receive a response. They are demanding one bitcoin to undo the effects of their attack, which is currently worth $7,544 USD.
“Following a series of recent issues with Ticketfly properties, we’ve determined that Ticketfly.com has been the target of a cyber incident. Out of an abundance of caution, we have taken all Ticketfly systems temporarily offline as we continue to look into the issue. We realize the gravity of this decision, but the security of client and customer data is our top priority. We are working tirelessly to get our clients back up and running.”
Ticketfly parent company Eventbrite’s website hasn’t been affected. Ticketfly’s website has been down since about 6am Eastern Standard Time on May 31st. We don’t know yet when it will be back online.
Ticketfly founder Andrew Dreskin is one of the people who have been working tirelessly since Wednesday trying to restore their website. They suspect that their WordPress blog may have been the initial attack vector. “IshAkDz” is believed to have downloaded the WordPress site’s contents and posted in on the hijacked main Ticketfly website.
All websites, web applications, and CMSes have security vulnerabilities. But some CMS based websites are a lot more secure than others. A lot of it depends on how the web server is configured, and how the CMS is configured. Popular CMSes such as WordPress, Joomla, and Drupal are built with MySQL or PostgreSQL database backends, and they generate dynamic webpages with PHP. A lot of the CMS website security hardening process entails securing the database it runs on. SQL injection is a common way to successfully penetrate these sorts of websites. That usually involves entering code into a web form field. Instead of inputting a string that the form expects, such as my name (“Kim Crawley”), code is entered which may allow a cyber attacker to privilege escalate and acquire administrative access to the website. SQL injection attacks can also be used to do other malicious things to websites, but an attacker will usually SQL inject in order to privilege escalate. There are many ways to security harden WordPress based websites, WordPress has a handy guide you can start with. Websites and web applications should also periodically be penetration tested.
I’m just speculating about what may have happened to Ticketfly’s website and what Ticketfly may have been able to do that would have prevented the breach from happening in the first place. More details may be available in the next few days.
Ticketfly’s website deals in ecommerce, so there is financial transaction data which goes through their web servers. Ecommerce sites are especially important to security harden because financial data is very sensitive! It doesn’t appear that “IshAkDz” has acquired any financial or credit card data, so hopefully Ticketfly segmented the ecommerce component of their website from the parts which were attacked.
Hopefully Ticketfly’s web operations will be restored soon, because in showbiz they say, “the show must go on!”