Ticketfly Data Breach
Ticketfly Event Ticketing Platform Breach (2018): 26 Million Customer Records Including Home Address & Phone Exposed :: Website Taken Offline
Event ticketing platform (now defunct, acquired by Eventbrite)
Risk Interpretation
Exposure enables phishing, ticket fraud, account takeover, and event-themed impersonation. Purchase history can also reveal schedules, venues, and social behavior.
Impact & Downstream Threats
entity_breach_impact:
- SIM swap attacks where phone numbers are present
- Targeted phishing campaigns using exposed email addresses
- Doxxing risk from physical address exposure
Threat Vectors
Breach Intelligence
Executive Summary
Ticketfly, an event ticketing distribution service, had its website defaced by an attacker in May 2018 after the company did not respond to a ransom demand. The attacker had discovered a vulnerability and sought payment in exchange for disclosing it. When Ticketfly did not reply, the attacker posted the stolen data to a publicly accessible location and took the site offline. The breach exposed records tied to over 26.2 million accounts. The leaked data included email addresses, full names, phone numbers, and physical home addresses. No passwords appeared in the publicly posted files, but Ticketfly later acknowledged that hashed password values may also have been accessed during the intrusion. For affected individuals, the combination of contact details and home addresses creates real exposure: the data is enough to enable phishing attempts, account takeover efforts, and targeted scams built around event attendance and purchasing history. No widely reported regulatory enforcement action followed the breach, though Ticketfly issued a public incident update disclosing the potential password exposure. Affected individuals face ongoing risk from phishing and impersonation, particularly messages mimicking ticketing platforms or live event brands. Those who reused passwords across services should treat any accounts sharing Ticketfly credentials as compromised.
About Ticketfly
entity_overview:
Why They Hold Your Data
Event-ticketing platforms collect buyer identity, contact details, payment-adjacent records, order history, venue interactions, and attendance-linked data across ticket-commerce workflows.
Recent Developments
Defunct
Data Points Exposed
Exposure Categories
Canonical Fields
email_address, full_name, phone_number, physical_address
Dark Web Verification
- Dataset containing ~26.2M records identified in breach intelligence sources
- Data indexed and searchable across breach notification platforms
- Source: Ticketfly Data Breach;ticketfly.com-2018
Recommended Actions
⚠️ Do not assume this is low sensitivity.
Protect Yourself
Check If You’re Affected
Enter your email to check if your data appears in this breach.
Get Free Breach Alerts
Be the first to know when new breaches are disclosed.
High-Risk? Get an Exposure Audit
Full-spectrum exposure audits for executives and public figures.
ObscureIQ Advisory
We combine proprietary dark web access with commercial and restricted breach intelligence to verify exposure and assess real-world risk.
- A public-facing individual
- A high-profile executive
- A customer of Ticketfly
- Or concerned about credential reuse
Powered by the ObscureIQ Breach Intelligence Database
© 2026 ObscureIQ · All Rights Reserved · Data Licensing
Latest from ObscureIQ
What Is Credit Monitoring? And Do I Want It? (Answer: Not Really)
Lock Down Browsers. Wipe Employee Footprints. Win Breach Wars.
Sextortion Spam