Rub shoulders with leading experts and industry disruptors at TNW Conference →

The heart of tech

This article was published on December 1, 2015


Adele fans’ credit card details reportedly exposed in online ticketing glitch

Adele fans’ credit card details reportedly exposed in online ticketing glitch
Abhimanyu Ghoshal
Story by

Abhimanyu Ghoshal

Managing Editor

Abhimanyu is TNW's Managing Editor, and is all about personal devices, Asia's tech ecosystem, as well as the intersection of technology and Abhimanyu is TNW's Managing Editor, and is all about personal devices, Asia's tech ecosystem, as well as the intersection of technology and culture. Hit him up on Twitter, or write in: [email protected].

Numerous Adele fans in the UK have reported that they were presented with other people’s credit card details when attempting to buy tickets online for the singer’s upcoming European tour.

Several fans told the BBC that when they tried to complete their purchase, they were taken to checkout pages listing tickets for other shows than the ones they had selected, along with personal information that wasn’t their own.

It’s possible that live concert tracking and ticketing service Songkick, which ran the sale, had a glitch in its system that caused the mix-up. The company said in a statement:

Due to extreme load experienced this morning, some of our customers were incorrectly able to preview limited account information belonging to other customers.

There’s no evidence that this included credit card numbers or passwords. We take the privacy of our users very seriously, and we’re looking further into the matter to ensure it doesn’t happen again.

Security consultant Graham Cluely told the BBC that the incident “certainly sounded” like a security breach. He said, “This is the sort of thing which should be impossible, even if the website is very busy. It sounds like the website [code] has been written insecurely.”

Cluely’s explanation doesn’t make it sound like a breach at all, but rather just a buggy site struggling under a massive load.

It isn’t clear how many users were affected, but the number could run into the thousands given that Adele’s tour spans over 30 shows in large venues across Europe.

Update: Songkick has issued a statement:

Songkick was responsible for selling 40% of tickets directly to fans, a portion of whom were unfortunately able to preview other users’ shopping carts for brief periods due to extreme load. At no time was anyone able to access another person’s password, nor their payment or credit card details (which are not retained by Songkick). We take the security of our users and Adele’s fans very seriously, and we apologize for the alarm we have caused to those purchasers who experienced issues.

Adele tickets: Fans claim personal data has been breached [BBC News]