You won't want to miss out on the world-class speakers at TNW Conference this year 🎟 Book your 2 for 1 tickets now! This offer ends on April 22 →

This article was published on December 1, 2015

Adele fans’ credit card details reportedly exposed in online ticketing glitch


Adele fans’ credit card details reportedly exposed in online ticketing glitch

Numerous Adele fans in the UK have reported that they were presented with other people’s credit card details when attempting to buy tickets online for the singer’s upcoming European tour.

Several fans told the BBC that when they tried to complete their purchase, they were taken to checkout pages listing tickets for other shows than the ones they had selected, along with personal information that wasn’t their own.

It’s possible that live concert tracking and ticketing service Songkick, which ran the sale, had a glitch in its system that caused the mix-up. The company said in a statement:

Due to extreme load experienced this morning, some of our customers were incorrectly able to preview limited account information belonging to other customers.

There’s no evidence that this included credit card numbers or passwords. We take the privacy of our users very seriously, and we’re looking further into the matter to ensure it doesn’t happen again.

Security consultant Graham Cluely told the BBC that the incident “certainly sounded” like a security breach. He said, “This is the sort of thing which should be impossible, even if the website is very busy. It sounds like the website [code] has been written insecurely.”

Cluely’s explanation doesn’t make it sound like a breach at all, but rather just a buggy site struggling under a massive load.

It isn’t clear how many users were affected, but the number could run into the thousands given that Adele’s tour spans over 30 shows in large venues across Europe.

The <3 of EU tech

The latest rumblings from the EU tech scene, a story from our wise ol' founder Boris, and some questionable AI art. It's free, every week, in your inbox. Sign up now!

Update: Songkick has issued a statement:

Songkick was responsible for selling 40% of tickets directly to fans, a portion of whom were unfortunately able to preview other users’ shopping carts for brief periods due to extreme load. At no time was anyone able to access another person’s password, nor their payment or credit card details (which are not retained by Songkick). We take the security of our users and Adele’s fans very seriously, and we apologize for the alarm we have caused to those purchasers who experienced issues.

Adele tickets: Fans claim personal data has been breached [BBC News]

Get the TNW newsletter

Get the most important tech news in your inbox each week.