Cybercrime , Fraud Management & Cybercrime , Governance & Risk Management
Alleged Ticketfly Hacker Indicted for Extortion
2018 Data Breach Exposed 27 Million RecordsAn alleged hacker who’s accused of breaching the now defunt Ticketfly site in 2018 and exposing the personal information of about 27 million account holders has been indicted on a federal extortion charge, according to court documents filed by the FBI.
See Also: Panel | Cyberattacks Are Increasing — And Cyber Insurance Rates Are Skyrocketing
Moulak O. Ishak, who goes by the online name of "IsHaKdZ," remains at large, federal authorities say. The federal extortion charge carries a maximum penalty of three years in federal prison and a $250,000 fine.
At the time of the breach, Ticketfly, which was owned and operated by Eventbrite, sold tickets to concerts and events at nightclubs throughout the U.S. Eventbrite reported that the Ticketfly accounts of about 27 million were compromised; they included personal information, such as names, email addresses, physical addresses and phone numbers, according to ZDNet.
A company spokesperson told ZDNet at the time that no payment details were exposed during the breach.
Alleged Extortion
According to the federal indictment, Ishak allegedly damaged the company's website and then attempted to extort the company for money in May of 2018.
After the breach and defacement of the Ticketfly website with mages and a character from the movie "V for Vendetta," the apparent hacker, using the name IsHaKdZ, contacted Vice's Motherboard to share details of the attack and claimed that he told the company about the vulnerability and asked for one bitcoin to share details but never heard back from the firm.
In addition, the alleged hacker shared some of the stolen information with the Motherboard journalist, including spreadsheets with names and addresses. The publication says it was later able to verify some of the data.
A few days after the breach, an Eventbrite spokesperson told ZDNet that the company was the "target of a cyber incident," and revealed some of the details of what happened, including the amount of accounts affected and what information was compromised at the time.
Eventbrite announced in November 2018 that the Ticketfly site would be closed and merged with the company's main ticketing and event website, according to Billboard.