Event-ticketing company Ticketfly was still working to get back online Sunday, four days after a hacker reportedly hijacked the site and stole data from more than 26 million customers.
The breach apparently occurred Wednesday night, when a hacker took control of the site and demanded to be paid in bitcoin to release it. Last week, Vice’s Motherboard reported it communicated with someone claiming to be the hacker, who said they had asked Ticketfly for one bitcoin BTCUSD, -1.46% (around $7,500 at the time) in exchange for sharing details about the site’s vulnerability. The ransom was not paid, and the hacker posted user data online. Ticketfly said it took the site offline as a security measure.
Ticketfly, which is owned by Eventbrite, confirmed on its website that it had been breached, and that some customers’ names, addresses, email addresses and phone numbers had been exposed. Passwords and credit-card numbers were apparently not affected.
“Due to a recent cyber incident, Ticketfly.com is offline,” a message on the site read. “We’ve engaged leading third-party forensic and cybersecurity experts to investigate and help us address the issue, and have done this with your security top of mind.
While Ticketfly did not say how many customer accounts were breached, the data-breach-tracking website haveibeenpwned.com said more than 26 million accounts were affected.
Last year, San Francisco-based Eventbrite bought Ticketfly from Pandora Media Inc. P, +3.19% for about $200 million.
The site’s takedown left a number of promoters and music and comedy clubs in the lurch for upcoming shows.