Ticketmaster fined $10 million after hack of business rival

Read Time:2 Minute, 42 Second

Ticketmaster fined $10 million after hack of business rival

The US Department of Justice has announced that Ticketmaster has been fined $10 million for repeatedly accessing a competitor’s computer systems.

A former employee of ticketing company CrowdSurge, a firm that provided services for running and managing ticket sales on behalf of artists, lies at the centre of the case.

Although not named by the Department of Justice in its legal documents about the case, the media has named the man as Stephen Mead.

In 2012 Mead left CrowdSurge, signing a separation agreement worth $52,970 that he would not disclose or retain confidential information from Crowdsurge such as client lists, passwords, marketing strategies, and financial information.

Mead subsequently joined Ticketmaster, where he is said to have shared sensitive information including usernames and passwords with his new colleagues that allowed them to unlawfully access business information including data on purchases of presale tickets through his former employer.

According to the Department of Justice, the former CrowdSurge employee told his fellow workers to:

“screen-grab the hell out of the system”

but also warned:

“I must stress that as this is access to a live [victim company] tool I would be careful in what you click on as it would be best not [to] giveaway that we are snooping around.”

Astonishingly, on one occasion, at an Artist Services Summit in San Francisco, a password-protected area of Crowdsurge’s systems was brazenly logged into using credentials stolen from the company, in front of at least 14 Ticketmaster employees to demonstrate the competitor’s features.

Internal and confidential financial documents the man had retained during his employment at CrowdSurge were also shared with Ticketmaster executives.

Sign up to our newsletter
Security news, advice, and tips.

Crowdsurge went on to merge with concert ticket firm Songkick in 2015.

In 2018, Live Nation – the parent company of Ticketmaster – agreed to acquire Songkick’s parent company as part of a $110 million settlement to resolve a lawsuit.

Zeeshan Zaidi, Ticketmaster’s former head of Artist Services and Stephen Mead’s boss, pleaded guilty in October 2019 to wire fraud and conspiring to commit computer intrusions.

Both Zaidi and Mead had their employment terminated in 2017 after their conduct came to, says Ticketmaster:

“Their actions violated our corporate policies and were inconsistent with our values. We are pleased that this matter is now resolved.”

Never forget that your may have employees privileged access to knowledge about how your company works, and the means to access your data. Don’t just get them to sign an agreement that they’ll maintain confidentiality after they leave your employment, ensure that passwords are also changed so they won’t be tempted to break the law.

Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.


Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon’s Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy.

Follow him on Twitter at @gcluley, or drop him an email.

About Post Author

admin

Founder, The Internet Crime Fighters Org [ICFO], and Sponsor, ICFO's War On Crimes Against Our Children Author The Internet Users Handbook, 2009-2014
Happy
Happy
0 %
Sad
Sad
0 %
Excited
Excited
0 %
Sleppy
Sleppy
0 %
Angry
Angry
0 %
Surprise
Surprise
0 %

Average Rating

5 Star
0%
4 Star
0%
3 Star
0%
2 Star
0%
1 Star
0%

Leave a Reply

Your email address will not be published. Required fields are marked *

%d bloggers like this: