Ticketmaster accepted pay a $ 10 million criminal fine after admitting that his employees repeatedly used stolen passwords and other means to hack a rival ticket company.
The fine, part of a deferred prosecution agreement Ticketmaster has reached with federal prosecutors, resolves criminal charges filed last week in federal court in the Eastern District of New York. The charges include violations of the law on computer fraud and abuse, computer intrusion for business advantage or private financial gain, computer intrusion in the prosecution of fraud, conspiracy to commit electronic fraud and electronic fraud.
In the settlement, Ticketmaster admitted that an employee who previously worked for a rival company had emailed login information for several accounts the rival used to manage presale ticket sales. At a meeting in San Francisco attended by at least 14 employees from Ticketmaster or its parent company Live Nation, the employee used a set of credentials to log into an account to demonstrate how it worked. .
The employee, who was not identified in court documents, then provided Ticketmaster executives with internal and confidential financial documents he had kept from his former employer. The employee was then promoted to director of customer relations and received a raise. Court documents did not identify the rival company, but Variety reported that it was Songkick, which in 2017 filed a complaint accusing Ticketmaster of having hacked its database. A few months later, Songkick went bankrupt.
The charges against Ticketmaster come 26 months after Zeeshan Zaidi, the former head of Ticketmaster’s artist services division, pleaded guilty in a related case to conspiracy to hack the rival company and engage in fraud by thread. According to prosecutors, the former rival employee sent the login credentials to Zaidi and another Ticketmaster employee.
“When employees leave one company to go into another, it is illegal for them to take confidential information with them,” FBI Deputy Director William Sweeney Jr. said in one report. declaration. “Ticketmaster used stolen information to gain an advantage over its competition, then promoted employees who broke the law.”
In addition to providing login information, the former employee also showed Ticketmaster managers how to exploit a flaw in the URL generation scheme used by the rival for unpublished ticketing web pages. To prevent pages from being viewed by third parties before they were made public, each had a unique numeric value. The former employee told his new employer that the values were generated sequentially and that outsiders could use this information to view artist pages while they were still in the early stages of drafting.
In early 2015, Ticketmaster tasked one of its employees to learn about this system and use it to maintain a spreadsheet listing all of the ticketing web pages that could be located. Ticketmaster would then identify the rival company’s customers and “try to dissuade them from selling tickets through the victim company,” federal prosecutors said. Zaidi, prosecutors added, explained: “We are not supposed to inform anyone that we have this view on [the victim company’s] Activities. “
In addition to paying the $ 10 million fine, Ticketmaster also agreed to maintain a compliance and ethics program designed to prevent and detect future hacks and illegal acquisitions of confidential information from competitors. Representatives for Live Nation did not respond to a message requesting comment for this post.
This story originally appeared on Ars Technica.
More WIRED stories