IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Ticketmaster fined $10 million for hacking into rival’s systems

A former Crowdsurge employee provided Ticketmaster execs with credentials to access an internal password-protected system

Ticketmaster has been fined $10 million (£7.3 million) after senior staff used stolen credentials to illegally access an industry rival’s password-protected platform as part of a scheme to “choke off” the competition.

The fine has been levied by the US Department of Justice following years of legal proceedings, with Ticketmaster having been charged with several counts of computer intrusion and fraud with regards to breaching the systems of its competitor, Crowdsurge.

These charges centre on an anticompetitive scheme Ticketmaster devised after an ex-Crowdsurge employee, who moved to the firm in 2013, emailed executives URLs as well as multiple sets of usernames and passwords to access an internal tool. The intrusion, which lasted until 2015, informed a conscious strategy to “cut [Crowdsurge] off at the knees”.

“Ticketmaster employees repeatedly – and illegally – accessed a competitor’s computers without authorization using stolen passwords to unlawfully collect business intelligence,” said acting US attorney Seth DuCharme.  

“Further, Ticketmaster’s employees brazenly held a division-wide ‘summit’ at which the stolen passwords were used to access the victim company’s computers, as if that were an appropriate business tactic. Today’s resolution demonstrates that any company that obtains a competitor’s confidential information for commercial advantage, without authority or permission, should expect to be held accountable in federal court.”

While Ticketmaster sells and distributes tickets for events and concerts, Crowdsurge offers artists the ability to sell presale tickets in advance of general sales. The Artist Toolbox, which Ticketmaster illegally infiltrated, is an app that provides real-time data about tickets sold through the company.

The employee, known as coconspirator-1, emailed the former head of Ticketmaster’s Artist Services division, Zeeshan Zaidi, as well as a second executive, multiple account credentials for Toolboxes. Coconspirator-1 encouraged them to “screen-grab the hell out of the system”, with this information subsequently used to prepare a presentation for other executives intended to ‘benchmark’ Ticketmaster’s offerings against Crowdsurge’s

As part of a presentation company summit in May 2014, coconspirator-1 used multiple usernames and passwords he had retained from his employment to log-into Toolbox. He also provided executives with confidential financial documents. 

This led to a promotion and pay rise, with the former Crowdsurge employee then emailing a colleague to say “now we can really start to bring down the hammer” on the victim company. Ticketmaster employees continued to access the password-protected platform until December 2015, according to the US Department of Justice.

It’s illegal for employees to take certain information with them when they move from one workplace to another, and in the UK constitutes a violation of the Computer Misuse Act (CMA). Various historic studies have illustrated how much of a threat this practice is to businesses, with one study in 2016 suggesting a third of ex-workers break the CMA in this way.

“Ticketmaster terminated both Zaidi and Mead in 2017," a spokesperson told IT Pro, "after their conduct came to light. Their actions violated our corporate policies and were inconsistent with our values. We are pleased that this matter is now resolved.”

Featured Resources

Accelerating AI modernisation with data infrastructure

Generate business value from your AI initiatives

Free Download

Recommendations for managing AI risks

Integrate your external AI tool findings into your broader security programs

Free Download

Modernise your legacy databases in the cloud

An introduction to cloud databases

Free Download

Powering through to innovation

IT agility drive digital transformation

Free Download

Recommended

Best free malware removal tools 2022
Security

Best free malware removal tools 2022

22 Jun 2022
A guide to cyber security certification and training
Careers & training

A guide to cyber security certification and training

16 Jun 2022
What is shoulder surfing?
social engineering

What is shoulder surfing?

10 Jun 2022
CIAM buyer’s guide
Whitepaper

CIAM buyer’s guide

6 Jun 2022

Most Popular

LockBit 2.0 ransomware disguised as PDFs distributed in email attacks
Security

LockBit 2.0 ransomware disguised as PDFs distributed in email attacks

27 Jun 2022
The UK's best cities for tech workers in 2022
Business strategy

The UK's best cities for tech workers in 2022

24 Jun 2022
Carnival hit with $5 million fine over cyber security violations
cyber security

Carnival hit with $5 million fine over cyber security violations

27 Jun 2022