Ticketfly.com data breach
I was notified by Have I Been Pwned that my Name, E-Mail address, Mailing addresses and phone numbers were dumped publicly online as part of the ticketfly.com data ransom involving 26 million account records. Motherboard reports the attacker requested a ransom of 1BTC (~$7500). It's unclear if the request was ignored intentionally, or overlooked. In theory, it would have cost ticketfly.com $0.000288 to protect my customer record. Now the dark web knows I always buy tickets to see They Might Be Giants.
Would I pay the 1BTC ransom?
It's common advice that a blackmailer will never stop asking for more money. It's also safe to assume that just because the hacker doesn't publicly dump the data immediately, she/he will still be selling it on the black market.
However this is a low-cost ransom request. Paying the ransom may buy time to fix the vulnerability, and perhaps could have kept ticketfly online. I'm told that venues cannot buy, sell, or verify tickets for concerts this weekend. This is going to cause probably more than $7500 in damage to every ticketfly venue.
I'd would have paid the ransom.
What would you do?
Top comments (9)
If I had confidence that paying the ransom would help keep the data truly secure and not paying it would result in the opposite, $7,500 is a tiny amount.
Of course, I don't think negotiating a ransom is that straightforward.
I'd think of the $7500 payment as a wager with bad odds, considering there can be no confidence when somebody is blackmailing you.
Well I could sell everything I own from my guitar collection to my car and I would have about £3000 if I'm very luck so I don't think I'd pay that lol maybe if I was skilled enough I would hold other people to ransom to pay mine! Aha (joking btw)
They can't have my guitars, but if they took my old Peavy amp, then I could finally justify buying a new one!
A couple things can mitigate the "need to pay" thing:
While neither of these protect you from "sharing" your data with the world, they do prevent you from being denied access to your data or your ability to function:
Yeah, the holes are still there (though, if you automate your deployments, it's at least likely that any given point of entry doesn't stay available sufficiently-long to be wholly compromised).
Does that help you against buggy, vulnerable code and not protecting your data in-flight or at rest? No. But if you're doing things right, those things are also taken care of in your designs.
But, in the end, it comes down to, if faced with the nightmare-scenario, what's the least-costly way to get back online is probably the choice you make.
You highlight critical points: Automated backups, and a tested disaster recovery plan. I don't know how people think they can live without them.
Nope, I have to charge it to the game(take the L).
Modern technologies give criminals new opportunities for manipulation and extortion. From fake compromising materials to hacking personal accounts, scammers stop at nothing, which is why it is important in such situations to contact extortiononline.com, which offers professional help in the fight against blackmailers. Specialists analyze the threat, assess risks and develop a strategy.
If you are as interested in games as I am, then you should definitely take a look at this wonderful site where you can try to play online - lincoln casino, personally, when I have a question where I could play online, I don't think long and go to this site in order to have a good time and possibly hit the jackpot!