Ticketmaster to pay $10 million criminal penalty after hacking rival ticket seller
Ticketmaster and parent company Live Nation have admitted to hiring a former employee from rival ticket seller CrowdSurge, which merged with Songkick, and using his knowledge including old usernames and passwords to “cut the company off at its knees.” Under the terms of the settlement, Ticketmaster has agreed to pay a criminal penalty of $10 million and maintain a “compliance and ethics program designed to prevent and detect violations” of computer-hacking laws as well as to prevent the “unauthorized and unlawful acquisition of confidential information belonging to competitors.” Ticketmaster is also required to report to the U.S. Attorney’s Office annually for the next three years about the company’s compliance with the measures.
The allegations were reported in 2017 after CrowdSurge sued Live Nation for antitrust violations. According to court documents and previous reports, Live Nation hired a former CrowdSurge employee named Stephen Mead in 2013. Ticketmaster executives including now-fired Zeeshan Zaidi pressured Mead to turn over his former employer’s information once he transitioned into his new role. Mead assisted Ticketmaster through logging into pages with analytics for artist management companies, providing information surrounding CrowdSurge’s operations, and even provided a “product review” of CrowdSurge at a 2014 company summit. Mead demonstrated the platform’s capabilities using old usernames and passwords during the presentation. Acting U.S. attorney Seth DuCharme said of the events,
“Ticketmaster employees repeatedly—and illegally—accessed a competitor’s computers without authorization using stolen passwords to unlawfully collect business intelligence…Further, Ticketmaster’s employees brazenly held a division-wide ‘summit’ at which the stolen passwords were used to access the victim company’s computers.”
In addition to the product demonstration at Ticketmaster’s company summit, Mead revealed that CrowdSurge used non-protected preview links for ticketing pages. Ticketmaster gathered a spreadsheet of every ticketing page it was able to find, which let the company identify which artists were using the service. They used the information to “dissuade” artists from doing so.
Ticketmaster lost access to CrowdSurge’s system in 2015, the same year that Songkick and CrowdSurge merged. Ticketmaster subsequently settled the antitrust lawsuit for $110 million, agreeing to buy Songkick’s remaining assets.
Ticketmaster expressed satisfaction with the outcome in a statement. A spokesperson told The Verge,
“Ticketmaster terminated both Zaidi and Mead in 2017, after their conduct came to light. Their actions violated our corporate policies and were inconsistent with our values. We are pleased that this matter is now resolved.”
H/T: The Verge
Featured image: Associated Press