A data breach that has knocked ticket distribution website Ticketfly offline for the last several days may have exposed the personal data of more than 26 million people, according to a report Monday.
Ticketfly’s website has been offline since May 31 as the company works to address the data breach. The hacker approached Ticketfly officials about security vulnerability on the website and demanded one bitcoin in exchange for details on the vulnerability and how to fix it, Vice’s Motherboard reported.
When the company did not respond, the hacker took control of Ticketfly’s website, altered its homepage and downloaded customer and employee database information. “Have I Been Pwned,” a website that tracks data breaches, told Motherboard that the hack likely exposed more than 26 million email addresses. Most of the downloaded files also included home addresses and phone numbers, though credit card numbers were not exposed.
“Last week we learned that Ticketfly.com was the target of a cyber incident,” a Ticketfly spokesperson said in a statement. “In consultation with leading third-party forensic and cybersecurity experts, we confirmed that some customer information has been compromised as part of the incident, including names, addresses, emails, and phone numbers of Ticketfly fans. We understand the importance our customers place on the privacy and security of their data and we deeply regret any unauthorized access to it. This is an ongoing investigation and we will continue to provide updates as appropriate.”
The company did not comment on the extent of the data breach.
In a message on its homepage, Ticketfly said some of its features are available, though the full site remains down.
“We’ve engaged leading third-party forensic and cybersecurity experts to investigate and help us address the issue, and have done this with your security top of mind,” the company said. “More specifically, Box Office, ticket purchasing, and scanning capabilities are now being made available again.”