Ticketmaster will pay $10 million for hacking rival ticket seller
Ticketmaster has agreed to pay $10 million for breaking into a competitors’ network. The company and its parent Live Nation admitted to hiring a former employee from rival ticket seller CrowdSurge, then using his knowledge — including old usernames and passwords — to learn CrowdSurge’s inner workings and “cut [the company] off at the knees.”
“Ticketmaster employees repeatedly — and illegally — accessed a competitor’s computers without authorization using stolen passwords to unlawfully collect business intelligence,” said acting US attorney Seth DuCharme. “Further, Ticketmaster’s employees brazenly held a division-wide ‘summit’ at which the stolen passwords were used to access the victim company’s computers.”
The hacking allegations were reported in 2017 after CrowdSurge (which had merged with another company called Songkick) sued Live Nation for antitrust violations. According to court documents and previous reports, Live Nation hired a former CrowdSurge employee named Stephen Mead in 2013. Then, now-fired Ticketmaster executive Zeeshan Zaidi and other executives encouraged him to turn over his old employer’s secrets. That included logging into pages with analytics for artist management companies, getting a window into CrowdSurge’s operations. Ticketmaster even offered a “product review” of its far smaller rival at a 2014 company summit, asking Mead to log in and demonstrate its capabilities in a presentation.
In addition to actual password theft, Mead also revealed that his old employer used non-protected but difficult-to-find preview links for ticketing pages. Ticketmaster gathered a spreadsheet of every ticketing page it could find, letting it identify artists who were using the service and “dissuade” them from doing so.
Ticketmaster apparently lost access to the system by 2015, the same year CrowdSurge merged with Songkick. Songkick sued Live Nation and Ticketmaster for violating antitrust laws. But it soon sold or shut down its services, and in 2018, it accepted a $110 million settlement — plus an undisclosed sum to sell some of its remaining assets to Ticketmaster.
Today’s judgment defers prosecution under the Computer Fraud and Abuse Act. Ticketmaster must pay the fine in question, maintain clear policies to detect and prevent unauthorized computer intrusion, and present annual reports on its conduct for the next three years.
https://www.theverge.com/2020/12/30/22206955/ticketmaster-songkick-crowdsurge-hacking-deferred-prosecution-fine