Adele fans’ credit card details reportedly exposed in online ticketing glitch

Adele fans’ credit card details reportedly exposed in online ticketing glitch
Credit: Christopher Macsurak

Numerous Adele fans in the UK have reported that they were presented with other people’s credit card details when attempting to buy tickets online for the singer’s upcoming European tour.

Several fans told the BBC that when they tried to complete their purchase, they were taken to checkout pages listing tickets for other shows than the ones they had selected, along with personal information that wasn’t their own.

Ever been to a tech festival?

TNW Conference won best European Event 2016 for our festival vibe. See what's in store for 2017.

It’s possible that live concert tracking and ticketing service Songkick, which ran the sale, had a glitch in its system that caused the mix-up. The company said in a statement:

Due to extreme load experienced this morning, some of our customers were incorrectly able to preview limited account information belonging to other customers.

There’s no evidence that this included credit card numbers or passwords. We take the privacy of our users very seriously, and we’re looking further into the matter to ensure it doesn’t happen again.

Security consultant Graham Cluely told the BBC that the incident “certainly sounded” like a security breach. He said, “This is the sort of thing which should be impossible, even if the website is very busy. It sounds like the website [code] has been written insecurely.”

Cluely’s explanation doesn’t make it sound like a breach at all, but rather just a buggy site struggling under a massive load.

It isn’t clear how many users were affected, but the number could run into the thousands given that Adele’s tour spans over 30 shows in large venues across Europe.

Update: Songkick has issued a statement:

Songkick was responsible for selling 40% of tickets directly to fans, a portion of whom were unfortunately able to preview other users’ shopping carts for brief periods due to extreme load. At no time was anyone able to access another person’s password, nor their payment or credit card details (which are not retained by Songkick). We take the security of our users and Adele’s fans very seriously, and we apologize for the alarm we have caused to those purchasers who experienced issues.

Adele tickets: Fans claim personal data has been breached [BBC News]

Read next: WeTransfer reveals Getty Images as its first partner after opening developer API

Here's some more distraction

Comments