Ticketmaster claims a cyberattack in November 2022 caused major problems with ticket sales for Taylor Swift’s U.S. tour.
Joe Berchtold, president of Ticketmaster’s parent company Live Nation, made the announcement Tuesday before a US congressional committee.
“We […] hit with 3x the amount of bot traffic we’d ever seen before, and for the first time in 400 verified fans sold, we came after a verified fan access code server,” Berchtold claimed.
“While the bot was unable to penetrate our systems or obtain tickets, the attack forced us to slow down and even suspend sales. I deeply regret having been involved in the experience.”
At the hearing, Sen. Amy Klobuchar, chairman of the U.S. Senate’s Consumer Rights Committee, said, “The high fees, site disruptions, and cancellations customers have experienced are a testament to Ticketmaster’s dominant market position, demonstrating that the company continues to innovate and is not facing pressure to innovate.”
Berchtold said Ticketmaster could have extended sales “for a longer period” to prevent system overload and should do a “better job of setting fan expectations for getting tickets”. He admitted that the company should have done better.
Alexander Heid, chief research and development officer at SecurityScorecard, agreed that Ticketmaster appears to have suffered a bot-led attack.
“Ticketmaster reported availability issues during Taylor Swift ticket sales [were] the result of a bot trying to get a ticket for resale. The high volume of requests created DDoS-like conditions, flooded with artificial traffic, and caused slowdowns and outages during flash sale events,” Heid said in an email to Information Security.
Security experts say it’s difficult to mitigate an unexpected flood of traffic, but when traffic is expected, you can be prepared to scale with it.
“[Using] techniques such as implementing bot filtering based on IP address reputation and user agents can mitigate some of the ‘junk traffic’, but for sophisticated operations that utilize bots using home IPs and valid user agents, implementing load balancing and CDN configurations will go a long way in helping your customers keep trading.”
The congressional committee hearings come months after Ticketmaster rival See Tickets notified customers of a serious breach of their personal and financial information.