Looks Like Moshtix Just Got Hacked, Splendor In The Grass Ticket Buyers Gouged

Moshtix, Australia's largest ticket website, has just been hacked wide open, with customers now reporting money going missing while being sent spam and scam emails asking for credit card information. The backlash is massive.

Hackers appear to have breached the site, stealing information on registered Moshtix users who had signed up for the Splendor In The Grass pre-sale.

From the looks of screenshots exclusively obtained by Gizmodo, hackers then went and charged customers an insane credit card surcharge to either redirect cash into their own pockets or simply wreak havoc on the Moshtix customers that had previously been hacked.

This screenshot of a ticket sale shows that the cost of a three-day show ticket and camping pass has been augmented, as was the cost of the credit card surcharge, which came to nearly $3500.

The hackers looked to even brag about the breach on the Event Details page of Splendor In The Grass, offering others the chance to buy the data lists of customers.

The issue occurred during the pre-sale for Splendour In The Grass, with Moshtix covering its own arse saying that it was a "technical issue".

During today’s Splendour in The Grass on-sale, due to technical issues some customers were erroneously offered reduced priced tickets and charged incorrect credit card fees.
All of these affected orders will be cancelled today, and customers contacted to allow them to purchase at the correct prices. This was an isolated technical issue that did not affect other ticket buyers and tickets are continuing to sell fast for the festival.
Anyone that is concerned they have been charged the incorrect amounts should contact moshtix at ticketsupport.moshtix.com.au

A few customers on the Moshtix Facebook page report getting spam emails already:

I recieved (sic) an email from someone asking for my credit card detail claiming to be moshtix how ever im not sure whether or not to trust the email address so im double checking whether its you or not Moshtix

We're reaching out to Moshtix for more info.

This isn't the first time Splendor has been victim to a ticket sale issue. A Westpac banking outage led to the sale being suspended in recent years.



    Lame, always some douchebags out there wanting to make life difficult for regular people. Do they think that people will think they're cool and awesome for doing stuff like this? I just don't get it :\.

      Um fairly sure they dont give a shit wont people think about them and are doing it purely to try and make money

        No, these are either kids, morons, or both. It'd be easy to scam a lot of money through hacking a site like this, but with this idiotic, ham-fisted approach nothing much will come of it- people found out about the problem fast and can have all that credit card money refunded.
        Talicca is right, they're just douchebags.

          refunding money only fixes the customer side

          most likely they will still keep the money frauded

          so its the merchant facility/bank/vendor that loses out

            From what I've read on the subject the transaction is reversed and no money goes to the other party.

      They are taking advantage of a situation, Moshtix's inability to secure its network situation.

      By all means be annoyed with the perpetrator but be angry at Moshtix for letting this happen. My 2c.

    Petition on change.org: https://www.change.org/en-AU/petitions/moshtix-splendour-in-the-grass-2014-cancel-all-tickets-reschedule

      And when the people that did get tickets this round miss out next time ...
      Hardly fair.

        There may not be any choice at this point that seems perfectly fair. All you can do is pick the best action based on current state. In my view the system malfunctioned. Some people won and some people lost as a result of this malfunction. But, either way, the system did not function as intended and tickets were not issued correctly (essentially they were supposed to be issued first-come, first served). In this case, I believe the best option would be to invalidate all results and start again. You can be certain that if it were a lottery (for example), no winnings would be paid if any sort of malfunction was detected. A "win" from a malfunctioning system isn't valid. Of course, the person that won won't like this, but it is the right thing to do.

    "Australia’s largest ticket website"??
    I'm pretty sure ticketek and ticketmaster would disagree with you on this point.

      I'm sure Ticketek will also disagree..

      Also never bought from Moshtix, it's either OzTix, TicketMaster or Ticketek..

    I think the author might of meant 'Largest Australian owned ticket website'

      I think you'll find that is Ticketek founded in 1979 by Nine Entertainment.

    I bet it was that arsehole Robert"); UPDATE users SET password="password" WHERE username="admin";--

    Little turd always ruins everyone's fun.

    Err, I love the fact that the (hackers) script-kiddies used a guerrillamail email address (@sharklasers.com). True, it's anonymous, but what it means is you, or I, or the AFP can go to guerillamail and access that email to read their (latest) messages (which self-destruct after an hour).


    This article is fraught with errors. Pick up your game Gizmodo

    maybe you should pick up your hampster, the game is changed.

    Last edited 02/05/14 9:25 pm

    Just because you can't see the utility they derived from it doesn't mean there wasn't a method to this madness.

    This seems like a typical entry level ritual. Black hats don't always hack for money - actually it's kinda rare but for cred. That cred can make them a name in the black hat community - which may in turn lead to more lucrative jobs, either as a pen tester/white hat or entry into more nefarious schemes.

Join the discussion!

Trending Stories Right Now