The hacker who pushed concert ticket Ticketfly offline for the last 5 and a half days also stole the email addresses, home addresses and other personal data of 26 million users, according to an analysis of data posted openly online.
Vice's Motherboard downloaded several CSV files uploaded to a public site by the hacker and had them analyzed by Troy Hunt of “Have I Been Pwned,” a website dedicated of informing users of data breaches. Hunt found 26,151,608 unique email addresses; and though the data did not include passwords or credit card info, it did include many home and billing address and phone numbers.
Tickefly, who had not previously provided details of the hack, confirmed the stolen data with this statement:
“Last week we learned that Ticketfly.com was the target of a cyber incident. In consultation with leading third-party forensic and cybersecurity experts, we confirmed that some customer information has been compromised as part of the incident, including names, addresses, emails, and phone numbers of Ticketfly fans," the statement read. "We understand the importance our customers place on the privacy and security of their data and we deeply regret any unauthorized access to it. This is an ongoing investigation and we will continue to provide updates as appropriate.”
The hacker claims to have warned Ticketfly prior to the hack, demanding a single bitcoin (currently worth about $7550 ) in exchange for sharing the security risk and not hacking the concert ticket company.
As of 1PM ET Tuesday, the main Ticketfly.com site was still offline.