A week after, the company is coming clean on the extent of the data breach.
While early analysis suggested that, Ticketfly said Thursday that the number was a bit higher.
“Information including names, addresses, email addresses and phone numbers connected to approximately 27 million Ticketfly accounts was accessed,” a Ticketfly spokesperson said in an email.
While personal data was stolen and publicly posted for a brief period on Ticketfly’s defaced website, the company said no credit card and debit card information had been accessed.
Ticketfly said it learned more about the breach after working with a third-party forensic cybersecurity company. Ticketfly, which offers ticketing services for indie venues across the US, took its website down on May 31 to tackle the hack and brought its website back online Wednesday.
The company reset every user’s passwords — for both buyers and venue promoters — before bringing its system back up.
The hacker behind the attack, “IShAkDz,” originally took over the company’s website, leaving a message behind taunting Ticketfly: “Your security down, I’m not sorry. Next time I will publish database.”
The alleged data thief told CNET in an email that he or she contacted the company before going through with the hack, demanding Ticketfly pay 1 bitcoin to stop the attack. Ticketfly never responded and still hasn’t acknowledged the attacker.
Security breaches continue to haul off a treasure trove of data about consumers. On Tuesday, MyHeritage, a DNA testing service, said a. Such data can often be used for future attacks or sold online for other cybercriminals to use.
Blockchain Decoded: CNET looks at the tech powering bitcoin — and soon, too, a myriad of services that will change your life.
Follow the Money: This is how digital cash is changing the way we save, shop and work.