An update from moshtix CEO regarding Splendour in the Grass on sale
Written by Moshtix on 7th May, 2014
I wanted to give you a personal update on what happened during last Friday's Splendour in the Grass on sale. As many of you will know, we had an unprecedented situation where an area of our ticketing system that controls event details was accessed by an unauthorised user. Between 9.10am and 9.37am, this unauthorised access resulted in a few things happening;
1. A 50% discount was offered to a small number of ticket buyers; 13 orders were made at the discounted rate. All orders have been refunded and the affected customers given the chance to repurchase at the correct price.
2. The credit card surcharge level was changed, resulting in customers being incorrectly charged very high fees. A total of 422 customers were affected and all those customers have had the difference refunded to their credit cards.
3. A message was posted on the Splendour in The Grass event page suggesting data lists could be purchased from an online market place called Silk Road. This message was entirely false and was posted with the intention of causing concern and disruption to the on-sale process.
For obvious reasons, all of this caused a lot of concern amongst ticket buyers.
As a result of our immediate investigations into the problem, we established that the changes were being made by someone in a deliberate and unauthorised fashion (as opposed to there being some sort of 'bug' in the system or a change authorised by the event organiser via a self-service tool). We then immediately disabled access to the affected part of our system to prevent further changes being made, and we fixed the elements listed above. There was no further unauthorised access of our system after that point.
We then immediately instigated forensic analysis of what had happened through an independent firm who specialises in fraudulent e-commerce activity and we reported the incident to the Police. Following the update we provided on Friday, we can confirm that these investigations have uncovered the following;
1. The unauthorised access was limited to the "front end" area of our system that controls event configuration information for the Splendour in The Grass event (i.e. ticket prices, ticket fees, event info for the website etc).
2. Access to the system was gained through the unauthorised use of a legitimate single account username and password which was established for the Splendour in the Grass event. The investigation is ongoing and currently focussing on how these login details were obtained. We are continuing to work with Splendour in the Grass and our IT provider to try to determine the identity of the person or persons responsible.
3. At no time at all was access gained to any other parts of our system such as the areas that manage customer payment details, client bank account details etc.
4. At no time at all were customers' confidential information, in particular credit card details, viewed or downloaded from our system. We send encrypted cardholder data directly to our payment processor at the point of purchase and do not store the details in our system.
We are entirely confident that this will not happen again as a result of changes we have implemented since Friday.
In terms of why this person(s) did what they did, we can only speculate at this point. Our view is that it appears from the actions that the intention was to create confusion and concern and damage the moshtix brand.
It's obvious that those involved have scant regard for the impact this type of planned activity has on consumers and the industry generally. Further, this type of activity is illegal and we intend to pursue this matter to the fullest extent possible.
It's a real shame and frustration to everyone at moshtix that what should have been a day of celebration for the festival industry, with one of its most iconic and best loved festivals selling out in a challenging environment, that the focus of the day was on the unauthorised activities that caused the disruption.
I do want to apologise for any delay in us getting updates to you on Friday. We were doing our best to keep everyone, including the Splendour in The Grass organisers and the media in the loop with what was happening, however our immediate priorities on Friday were ensuring that we investigated and understood the nature of the disruption and impacts on our systems and on ticket buyers, and that sales for the festival were able to continue. In total, less than 500 customers were affected with incorrect bookings.
Due to the massive demand each year for Splendour in The Grass tickets, and in particular this year, obviously many customers missed out on securing tickets. As in previous years we encourage those who missed out to keep an eye on our website and Facebook page for any updates.
Thanks for taking the time to read, and we hope to see you at a live event soon.