Skip to main content

Ticketmaster fined $10m for using stolen credentials to snoop on competitor

Ticketmaster has been fined as much as $10 million by a U.S. court for illegally accessing the computer systems of competitor CrowdSurge to gain insight into the latter’s offerings and to monitor the latter’s draft ticketing web pages.

Ticketmaster agreed to pay the massive fine after pleading guilty to using stolen credentials to gain access to CrowdSurge’s IT systems in order to acquire business intelligence, understand the competitor’s plans and offerings, and curate its strategies to dominate the market.

The crime first took place when a senior employee at CrowdSurge left the company in 2012, joined Live Nation- the parent company of Ticketmaster in the following year, and proceeded to share the URLs for draft ticketing web pages that CrowdSurge had built for an artist with Zeeshan Zaidi, the then head of Ticketmaster’s Artist Services division and with another Ticketmaster employee.

In 2014, the employee went on to share multiple sets of usernames and passwords for Toolboxes with Ticketmaster employees. Toolboxes are password-protected apps offered by CrowdSurge to clients through which clients can monitor ticket sales in real-time. The employee then encouraged Ticketmaster staff to “screen-grab the hell out of the system,” while telling them to “be careful in what you click on as it would be best not [to] giveaway that we are snooping around.”

By 2015, the truant employee not only used and shared login credentials to access CrowdSurge’s systems to derive as much information as he could for the benefit of his new employer, he shared internal and confidential financial documents he had retained from his employment at CrowdSurge, and also created a presentation to demonstrate how Ticketmaster’s presale online offering compared with the Toolbox.

“After joining Live Nation, Coconspirator-1 explained to Zaidi and others how the “store ID” numbers in the URLs were numbered sequentially, enabling Ticketmaster employees to monitor new pages and to learn which artists planned to use the victim company to sell tickets. Coconspirator-1 used this information to search for new victim company ticketing web pages, and sent the URLs to Ticketmaster executives,” said the U.S. Department of Justice.

“In or about January 2015, a Ticketmaster employee was assigned to learn about this system from Coconspirator-1 and maintained a spreadsheet listing every victim company ticketing web page that could be located, so that Ticketmaster could identify the victim company’s clients and attempt to dissuade them from selling tickets through the victim company. Zaidi explained that “we’re not supposed to tip anyone off that we have this view into [the victim company’s] activities.”

“Ticketmaster employees repeatedly – and illegally – accessed a competitor’s computers without authorization using stolen passwords to unlawfully collect business intelligence. Further, Ticketmaster’s employees brazenly held a division-wide ‘summit’ at which the stolen passwords were used to access the victim company’s computers, as if that were an appropriate business tactic,” said Acting U.S. Attorney Seth D. DuCharme.

“Today’s resolution demonstrates that any company that obtains a competitor’s confidential information for commercial advantage, without authority or permission, should expect to be held accountable in federal court.”

“When employees walk out of one company and into another, it’s illegal for them to take proprietary information with them. Ticketmaster used the stolen information to gain an advantage over its competition, and then promoted the employees who broke the law. This investigation is a perfect example of why these laws exist – to protect consumers from being cheated in what should be a fair market place,” said FBI Assistant Director-in-Charge Sweeney.

ALSO READ: U.S. cyber security experts see recent spike in Chinese digital espionage


All rights reserved Teiss Recruitment Ltd.