Ticketfly.com data breach
I was notified by Have I Been Pwned that my Name, E-Mail address, Mailing addresses and phone numbers were dumped publicly online as part of the ticketfly.com data ransom involving 26 million account records. Motherboard reports the attacker requested a ransom of 1BTC (~$7500). It's unclear if the request was ignored intentionally, or overlooked. In theory, it would have cost ticketfly.com $0.000288 to protect my customer record. Now the dark web knows I always buy tickets to see They Might Be Giants.
Would I pay the 1BTC ransom?
It's common advice that a blackmailer will never stop asking for more money. It's also safe to assume that just because the hacker doesn't publicly dump the data immediately, she/he will still be selling it on the black market.
However this is a low-cost ransom request. Paying the ransom may buy time to fix the vulnerability, and perhaps could have kept ticketfly online. I'm told that venues cannot buy, sell, or verify tickets for concerts this weekend. This is going to cause probably more than $7500 in damage to every ticketfly venue.
I'd would have paid the ransom.
What would you do?
Top comments (7)
Well I could sell everything I own from my guitar collection to my car and I would have about £3000 if I'm very luck so I don't think I'd pay that lol maybe if I was skilled enough I would hold other people to ransom to pay mine! Aha (joking btw)
They can't have my guitars, but if they took my old Peavy amp, then I could finally justify buying a new one!
If I had confidence that paying the ransom would help keep the data truly secure and not paying it would result in the opposite, $7,500 is a tiny amount.
Of course, I don't think negotiating a ransom is that straightforward.
I'd think of the $7500 payment as a wager with bad odds, considering there can be no confidence when somebody is blackmailing you.
A couple things can mitigate the "need to pay" thing:
While neither of these protect you from "sharing" your data with the world, they do prevent you from being denied access to your data or your ability to function:
Yeah, the holes are still there (though, if you automate your deployments, it's at least likely that any given point of entry doesn't stay available sufficiently-long to be wholly compromised).
Does that help you against buggy, vulnerable code and not protecting your data in-flight or at rest? No. But if you're doing things right, those things are also taken care of in your designs.
But, in the end, it comes down to, if faced with the nightmare-scenario, what's the least-costly way to get back online is probably the choice you make.
You highlight critical points: Automated backups, and a tested disaster recovery plan. I don't know how people think they can live without them.
Nope, I have to charge it to the game(take the L).