You are here

HomeJohn Lister › Ticketmaster Fined $10M for Hacking Competitor

Ticketmaster Fined $10M for Hacking Competitor

John Lister's picture
by John Lister on January, 6 2021 at 04:01PM EST

Ticketmaster will pay a $10 million fine for computer fraud and hacking. The company admitted responsibility for hacking an unnamed rival with the help of an employee who had previously worked there.

The $10 million figure is calculated as the maximum $500,000 penalty for each of 20 cases of breaking the law through "unauthorized access of a protected computer." The fine is through a "deferred prosecution agreement" in which prosecutors hold off pursuing the case through the courts.

As part of the agreement, Ticketmaster admitted breaking the law and must cooperate with prosecutors investigating any other alleged wrongdoing. The agreement specifically bars Ticketmaster from denying it broke the law, for example by implying it only made the agreement to avoid the risk of a larger penalty.

It must also set up an internal ethics program to prevent staff from carrying out similar breaches in the future. (Source: arstechnica.com)

Former Staffer's Login Still Worked

The breaches involved two different types of "hacks" made possible by information from a former employee of the rival, who was later promoted to the post of director of client relations at Ticketmaster.

The first hack involved the former employee using login credentials from their former workplace to access accounts for presales of tickets. The former employee accessed the rival company's account in front of at least 14 employees of Ticketmaster and its parent company. (Source: justice.gov)

'Hidden' Event Pages Exploited

The second hack involved the former employee sharing the fact that the rival company used a sequential numbering system to create pages for events before they were intended for public view and tickets put on sale. The pages were online but only accessible by directly typing in the specific URL rather than following any links of finding them in a search engine.

Ticketmaster assigned a staff member to take advantage of this to hunt down such pages, thus finding out about events the rival company would be handling tickets for. Ticketmaster then contacted the events organizers to try to win their business.

What's Your Opinion?

Is the fine appropriate? Does it make any difference that the rival company had some security weaknesses? Should any of the individuals involved face personal prosecution?

Filed under:
Courts
| Tags:
former employee
,
ticketmaster
,
competitor
,
rival
,
fined
,
court
,
hacking
,
hack
Rate this article: 
Average: 5 (4 votes)

Comments

Dennis Faas's picture

Submitted by Dennis Faas on Wed, 01/06/2021 - 16:52

The systems administrator at the rival company should be reprimanded for allowing continued access to the company's systems even after the former employee was let go. Removing access is pretty standard procedure once an employee has been let go to avoid shenanigans such as this.

Lipl1_2237's picture

Submitted by Lipl1_2237 on Wed, 01/06/2021 - 19:20

Definite security failure on the part of the other company. If everything was done starting with HR then it would've been HR's job to notify all department to disable the account.

Navy vet's picture

Submitted by Navy vet on Wed, 01/06/2021 - 18:25

People need to go to jail for this stuff or it will continue.

Need Help? Ask!



My name is Dennis Faas and I am a senior systems administrator and IT technical analyst specializing in cyber crimes (sextortion / blackmail / tech support scams) with over 30 years experience; I also run this website! If you need technical assistance , I can help. Click here to email me now; optionally, you can review my resume here. You can also read how I can fix your computer over the Internet (also includes user reviews).

We are BBB Accredited

We are BBB accredited (A+ rating), celebrating 21 years of excellence! Click to view our rating on the BBB.