Cybercrime , Fraud Management & Cybercrime , Governance & Risk Management

Alleged Ticketfly Hacker Indicted for Extortion

2018 Data Breach Exposed 27 Million Records
Alleged Ticketfly Hacker Indicted for Extortion

An alleged hacker who’s accused of breaching the now defunt Ticketfly site in 2018 and exposing the personal information of about 27 million account holders has been indicted on a federal extortion charge, according to court documents filed by the FBI.

See Also: Live Webinar | Improve Cloud Threat Detection and Response using the MITRE ATT&CK Framework

Moulak O. Ishak, who goes by the online name of "IsHaKdZ," remains at large, federal authorities say. The federal extortion charge carries a maximum penalty of three years in federal prison and a $250,000 fine.

At the time of the breach, Ticketfly, which was owned and operated by Eventbrite, sold tickets to concerts and events at nightclubs throughout the U.S. Eventbrite reported that the Ticketfly accounts of about 27 million were compromised; they included personal information, such as names, email addresses, physical addresses and phone numbers, according to ZDNet.

A company spokesperson told ZDNet at the time that no payment details were exposed during the breach.

Alleged Extortion

According to the federal indictment, Ishak allegedly damaged the company's website and then attempted to extort the company for money in May of 2018.

After the breach and defacement of the Ticketfly website with mages and a character from the movie "V for Vendetta," the apparent hacker, using the name IsHaKdZ, contacted Vice's Motherboard to share details of the attack and claimed that he told the company about the vulnerability and asked for one bitcoin to share details but never heard back from the firm.

In addition, the alleged hacker shared some of the stolen information with the Motherboard journalist, including spreadsheets with names and addresses. The publication says it was later able to verify some of the data.

A few days after the breach, an Eventbrite spokesperson told ZDNet that the company was the "target of a cyber incident," and revealed some of the details of what happened, including the amount of accounts affected and what information was compromised at the time.

Eventbrite announced in November 2018 that the Ticketfly site would be closed and merged with the company's main ticketing and event website, according to Billboard.

About the Author

Apurva Venkat

Apurva Venkat

Special Correspondent

Venkat is special correspondent for Information Security Media Group's global news desk. She has previously worked at companies such as IDG and Business Standard where she reported on developments in technology, businesses, startups, fintech, e-commerce, cybersecurity, civic news and education.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.