Breach Brief – Ticketfly, MyHeritage
Concert ticketing service Ticketfly reported last week that it was hit by a major data breach involving the personal information of 26 million customers.
According to Ticketfly “some customer information has been compromised including names, addresses, emails, and phone numbers.” Tech news blog Engadget reported that the hacker behind the attack has uploaded much of the data to a public server and is threatening to release more.
Prior to the breach Ticketfly was warned of a flaw in its systems by the hacker. According to Motherboard.com the hacker notified Ticketfly then requested a ransom of one bitcoin in exchange for a fix. When the ransom was not paid as requested Ticketfly suffered the consequences.
Ticketfly has not said if customer’s credit card information and passwords has been compromised. However, the hacker has threatened to release more information if the ransom is not paid.
At the time this article was written the website is back online. Ticketfly is owned by San Francisco based Eventbrite.
MyHeritage, an Israeli based genealogy and DNA testing service, has suffered a major data breach of its user information. According to a MyHeritage statement over 92 million customer account details were found on a server outside of MyHeritage. The data is that of of people who signed up to use the service right up to the day of the breach, October 26, 2017.
MyHeritage stated that the chief information security officer “received a message from a security researcher that he had found a file named myheritage containing email addresses and hashed password, on a private server.” Hashed passwords are encrypted representations of passwords. This means companies don’t have to store the actual password on their network but, depending on the algorithm used, hackers could still crack them.
MyHeritage claims that no other user data, such as credit cards, were compromised and DNA data are stored separate systems.