in

Ticketmaster fined $10 million after staff hacked competitor to ‘choke off’ presale ticket business

Ticketmaster has been fined $10 million after staff admitted to hacking into a rival firm’s systems in order to “choke off” their presale ticket business.

Last week, the US Department of Justice (DoJ) said employees of Ticketmaster, a subsidiary of Live Nation Entertainment, “repeatedly” infiltrated the computers of a rival presale tickets seller. 

Ticketmaster offers a platform for purchasing tickets for events including concerts, attractions, and sports.

According to court documents (.PDF) filed in the US Eastern District Court of New York, a former employee of the victim firm — believed to be Songkick, which maintained a presence in both the UK and New York — left their post in 2012 to join Live Nation. 

Despite signing a confidentiality agreement before entering their new employment, this individual, instead, entered the heart of a scheme designed to disrupt the competitor’s business operations. 

The DoJ says that after joining Live Nation in 2013, the co-conspirator shared confidential information with Ticketmaster employees including the former head of the Artist Services division, Zeeshan Zaidi. 

Ticketmaster’s rival offered presale tickets before they were made available to the general public and created a password-protected app for artists to track their ticket sales, known as Toolboxes. 

The co-conspirator shared draft web pages built for artists, confidential URLs, financial documents, and sets of credentials for existing Toolbox accounts. In 2014, they warned Zaidi to be careful about snooping around in these systems, but also urged them to “screengrab the hell out of [it].”

By accessing Toolboxes and grabbing ticket sales data, Ticketmaster would then be able to benchmark its own performance against the rival and use this information in sales pitches. 

One of the overall goals was to “steal back one of [the victim company]’s signature clients,” US prosecutors said, and if successful, this would “choke off” the Ticketmaster rival, “cut[ting] them off at the knees.” 

In a move deemed “brazen” by the DoJ, a summit for Live Nation and Ticketmaster employees was held in San Francisco in the same year. A senior executive of Live Nation asked Zaidi and others to prepare a presentation comparing Ticketmaster presales to the rival’s Toolboxes, and the team obliged — by once again using the stolen passwords, in public. 

The unnamed conspirator was promoted and given a raise the year following. Ticketmaster employees continued to lurk in Toolboxes and maintained a spreadsheet of all account URLs until the end of 2015.

While the rival company became defunct in 2017, prosecutors were made aware of the scheme after Songkick launched an antitrust lawsuit against Live Nation in 2015. Live Nation settled the lawsuit and eventually acquired Songkick’s technological assets.  

Employees involved in the scheme were fired. US prosecutors filed five criminal counts against Ticketmaster, including wire fraud and conspiring to commit computer intrusion. In a separate but related case, Zaidi pled guilty to conspiring to commit computer intrusions and wire fraud. 

In order to resolve the case, Ticketmaster will pay a criminal penalty of $10 million and has agreed to submit to a three-year deferred prosecution agreement including the creation of a new compliance and ethics program. The ticket seller must also report to the United States Attorney’s Office annually until the agreement expires. 

Ticketmaster said, “we are pleased that this matter is now resolved.”

“Ticketmaster employees repeatedly — and illegally — accessed a competitor’s computers without authorization using stolen passwords to unlawfully collect business intelligence,” commented Acting US Attorney Seth DuCharme. “Today’s resolution demonstrates that any company that obtains a competitor’s confidential information for commercial advantage, without authority or permission, should expect to be held accountable in federal court.”

Previous and related coverage


Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0



Source: Information Technologies - zdnet.com

T-Mobile discloses its fourth data breach in three years

The IT skills gap is a giant problem. Help fix it with these smart management moves