IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Ticketmaster fined $10 million for hacking into rival’s systems

A former Crowdsurge employee provided Ticketmaster execs with credentials to access an internal password-protected system

Ticketmaster has been fined $10 million (£7.3 million) after senior staff used stolen credentials to illegally access an industry rival’s password-protected platform as part of a scheme to “choke off” the competition.

The fine has been levied by the US Department of Justice following years of legal proceedings, with Ticketmaster having been charged with several counts of computer intrusion and fraud with regards to breaching the systems of its competitor, Crowdsurge.

These charges centre on an anticompetitive scheme Ticketmaster devised after an ex-Crowdsurge employee, who moved to the firm in 2013, emailed executives URLs as well as multiple sets of usernames and passwords to access an internal tool. The intrusion, which lasted until 2015, informed a conscious strategy to “cut [Crowdsurge] off at the knees”.

“Ticketmaster employees repeatedly – and illegally – accessed a competitor’s computers without authorization using stolen passwords to unlawfully collect business intelligence,” said acting US attorney Seth DuCharme.  

“Further, Ticketmaster’s employees brazenly held a division-wide ‘summit’ at which the stolen passwords were used to access the victim company’s computers, as if that were an appropriate business tactic. Today’s resolution demonstrates that any company that obtains a competitor’s confidential information for commercial advantage, without authority or permission, should expect to be held accountable in federal court.”

While Ticketmaster sells and distributes tickets for events and concerts, Crowdsurge offers artists the ability to sell presale tickets in advance of general sales. The Artist Toolbox, which Ticketmaster illegally infiltrated, is an app that provides real-time data about tickets sold through the company.

The employee, known as coconspirator-1, emailed the former head of Ticketmaster’s Artist Services division, Zeeshan Zaidi, as well as a second executive, multiple account credentials for Toolboxes. Coconspirator-1 encouraged them to “screen-grab the hell out of the system”, with this information subsequently used to prepare a presentation for other executives intended to ‘benchmark’ Ticketmaster’s offerings against Crowdsurge’s

As part of a presentation company summit in May 2014, coconspirator-1 used multiple usernames and passwords he had retained from his employment to log-into Toolbox. He also provided executives with confidential financial documents. 

This led to a promotion and pay rise, with the former Crowdsurge employee then emailing a colleague to say “now we can really start to bring down the hammer” on the victim company. Ticketmaster employees continued to access the password-protected platform until December 2015, according to the US Department of Justice.

It’s illegal for employees to take certain information with them when they move from one workplace to another, and in the UK constitutes a violation of the Computer Misuse Act (CMA). Various historic studies have illustrated how much of a threat this practice is to businesses, with one study in 2016 suggesting a third of ex-workers break the CMA in this way.

“Ticketmaster terminated both Zaidi and Mead in 2017," a spokesperson told IT Pro, "after their conduct came to light. Their actions violated our corporate policies and were inconsistent with our values. We are pleased that this matter is now resolved.”

Featured Resources

The state of Salesforce: Future of business

Three articles that look forward into the changing state of Salesforce and the future of business

Free Download

The mighty struggle to migrate SAP to the cloud may be over

A simplified and unified approach to delivering Enterprise Transformation in the cloud

Free Download

The business value of the transformative mainframe

Modernising on the mainframe

Free Download

The Total Economic Impact™ Of IBM FlashSystem

Cost savings and business benefits enabled by FlashSystem

Free Download

Recommended

What is zero trust?
network security

What is zero trust?

14 Jul 2022
Retbleed hardware-level flaw brings overhead woe to Intel and AMD
Hardware

Retbleed hardware-level flaw brings overhead woe to Intel and AMD

13 Jul 2022
An analysis of the European cyber threat landscape
Whitepaper

An analysis of the European cyber threat landscape

8 Jul 2022
Solve cyber resilience challenges with storage solutions
Whitepaper

Solve cyber resilience challenges with storage solutions

4 Jul 2022

Most Popular

How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

29 Jul 2022
Cyber attack on software supplier causes "major outage" across the NHS
cyber attacks

Cyber attack on software supplier causes "major outage" across the NHS

8 Aug 2022
Should you take your password manager off the internet?
Sponsored

Should you take your password manager off the internet?

28 Jul 2022