Cyber Security

Ticketmaster fined $10 million for hacking rival firm


Ticketmaster was fined with $10 million when a staff admitted to hacking into a competitor’s systems in order to prevent their presale ticket business.

According to the US Department of Justice (DoJ), employees of Ticketmaster, a subsidiary of Live Nation Entertainment, infiltrated the computers of a rival presale tickets seller repeatedly.

Ticketmaster provides a platform for purchasing tickets for events such as concerts, attractions, and sports.

As per the court documents filed in the US Eastern District Court of New York, a former employee of the victim firm — believed to be Songkick, which maintained a presence in both the UK and New York — left their post in 2012 to join Live Nation.

Despite signing a confidentiality agreement before entering their new employment, this individual, instead, entered the heart of a scheme designed to disrupt the competitor’s business operations.

After joining Live Nation in 2013, the co-conspirator shared confidential information with Ticketmaster employees including the former head of the Artist Services division, Zeeshan Zaidi.

Ticketmaster’s rival offered presale tickets before they were made available to the general public and created a password-protected app for artists to track their ticket sales, known as Toolboxes.

The co-conspirator shared draft web pages built for artists, confidential URLs, financial documents, and sets of credentials for existing Toolbox accounts.

By accessing Toolboxes and grabbing ticket sales data, Ticketmaster would then be able to benchmark its own performance against the rival and use this information in sales pitches.

The US prosecutors stated that the goal was to steal back one of the victim company’s signature clients and if successful, this would “choke off” the Ticketmaster rival.

A summit for Live Nation and Ticketmaster employees was held in San Francisco and a senior executive of Live Nation asked Zaidi and others to prepare a presentation comparing Ticketmaster presales to the rival’s Toolboxes. The team did it by using the stolen passwords.

The unnamed conspirator was promoted and the Ticketmaster employees continued to lurk in Toolboxes and maintained a spreadsheet of all account URLs until the end of 2015.

In 2017, when the rival company became defunct, Songkick launched an antitrust lawsuit against Live Nation. Live Nation settled the lawsuit and eventually acquired Songkick’s technological assets. 

Employees involved in the scheme were fired. US prosecutors filed five criminal counts against Ticketmaster, including wire fraud and conspiring to commit computer intrusion. In a separate but related case, Zaidi pled guilty to conspiring to commit computer intrusions and wire fraud.

To resolve the case, Ticketmaster must pay a criminal penalty of $10 million and has agreed to submit to a three-year deferred prosecution agreement including the creation of a new compliance and ethics program. They should also report to the United States Attorney’s Office annually until the agreement expires.

Acting US Attorney Seth DuCharme stated that Ticketmaster employees repeatedly — and illegally — accessed a competitor’s computers without authorization using stolen passwords in order to unlawfully collect business intelligence. This resolution must demonstrate that any company that obtains a competitor’s confidential information for commercial advantage, without authority or permission, must expect to be held accountable in federal court.

Priyanka R
Cyber Security Enthusiast, Security Blogger, Technical Editor, Author at Cyber Safe News

    IndiGo’s server breached in hacking incident

    Previous article

    Secret backdoor found in ZyXel firewalls and AP controllers

    Next article

    You may also like


    Leave a reply

    Your email address will not be published. Required fields are marked *