Alleged Ticketfly hacker charged with extortion

Published on Thursday 27 February 2020


A criminal action has been launched in the US against the man accused of hacking the Ticketfly website in 2018, exposing the personal information of around 27 million of the ticketing firm’s customers, and forcing its operations offline entirely for several days.

When the Ticketfly website went down at the end of May 2018, the company – by that point owned by Eventbrite – said that “following a series of recent issues with Ticketfly properties, we’ve determined that Ticketfly has been the target of a cyber incident”.

It went on: “Out of an abundance of caution, we have taken all Ticketfly systems temporarily offline as we continue to look into the issue. We are working to bring our systems back online as soon as possible. Please check back later”.

In subsequent statements, the company confirmed it had been hacked and – while no credit or debit card information had been accessed – other personal information linked to about 27 million Ticketfly accounts had been taken.

At the time, Vice’s tech site Motherboard reported that it had spoken to the hacker, who went by the ID IsHaKdZ. He told the Vice site that he’d warned the ticketing company of a vulnerability that gave him access to the firm’s entire database and website. He’d apparently offered to explain what that vulnerability was in return for one bitcoin.

IsHaKdZ is seemingly Moulay O Ishak, who is now facing criminal charges for “extortion in relation to damage to a protected computer”. Legal papers filed by the FBI earlier this month say that the maximum penalty for that crime is three years in jail and a $250,000 fine.

Outlining the alleged crime, the FBI’s papers state: “On or about 27 May 2018, and continuing to at least 31 May 2018, in the Northern District of California and elsewhere, the defendant, with intent to extort from Ticketfly money and other things of value, transmitted in interstate and foreign commerce a communication containing a demand and request for money and other things of value in relation to damage to a protected computer, to wit, Ticketfly’s servers, where such damage was caused to facilitate the extortion”.

Eventbrite has welcomed the development. It said in a statement: “We’re pleased to see that the alleged perpetrator of the malicious attack on Ticketfly that occurred in 2018 has been identified and indicted. We appreciate the efforts of the FBI and the United States Attorney’s Office in their continued pursuit of justice and for seeking closure for all involved”.