Moshtix users face bogus credit card charges in potential hack
Music fans have been hit with bogus credit card fees and face a potential privacy breach after the Moshtix website for Splendour in the Grass was compromised.
Music fans have been hit with bogus credit card fees and face a potential privacy breach after the Moshtix website for Splendour in the Grass was compromised this morning.
Tickets for the Byron Bay music festival went on sale at 9am, but within the first few hours of the sale, countless customers came forward to report thousands of dollars of credit card fees being added to their orders in the final stages.
In addition to the spurious charges, some customers reported seeing a message informing them that they could "Buy Moshtix data lists" from online black market Silk Road.
Shortly after tickets went on sale, Moshtix took to its Facebook page to acknowledge the problem, which it described as a "technical issue" rather than a straight out hack:
During today’s Splendour in the Grass on-sale, due to technical issues some customers were erroneously offered reduced priced tickets and charged incorrect credit card fees.
All of these affected orders will be cancelled today, and customers contacted to allow them to purchase tickets at the correct prices. This was an isolated technical issue that did not affect other ticket buyers, and tickets are continuing to sell fast for the festival.
In response to speculation regarding unauthorised / illegal access of personal information, we can confirm that no credit card information has been compromised during the technical issues experienced this morning.
Anyone that is concerned they have been charged the incorrect amounts should contact moshtix.
Moshtix users responded by sharing screen caps of booking pages, showing erroneous credit card fees in the order of AU$1000 to AU$2400 on top of the regular ticket prices. Some screen caps also showed a link for buying data lists, potentially indicating a hack on the booking site.
Although Moshtix has promised to provide tickets to affected customers, as of midday today, the Moshtix site showed an "Allocation Exhausted" message for all ticket types, aside from camping passes.
CNET contacted Moshtix for the comment on the incident and received the following response:
We are currently undergoing an investigation into the issue and until that’s concluded, we probably can’t give much more detail in case it compromises the investigation.
I can confirm that moshtix customer passwords are encrypted and cannot be compromised.