Ticketfly hacker stole more than 26 million email and home addresses

The data does not include credit card numbers or passwords.

A hacker has leaked personal information for more than 26 million Ticketfly users after last week's data breach. That's according to Troy Hunt, the founder of Have I Been Pwned, which lets you check whether your email address has been included in various data breaches.

The hacker posted several Ticketfly database files to a public server, and Hunt found that they contained 26,151,608 email addresses. Many users' names, phone numbers and home and billing addresses were also compromised. Ticketfly confirmed those personal details were included in the breach, but not the number of people affected. Nobody's credit card information or passwords were found in the files, but the hacker has threatened to post more data, presumably if their ransom demands are not met.

According to Motherboard, the hacker informed Ticketfly of a security vulnerability. The attacker demanded a ransom of one bitcoin to reveal the flaw and help fix it, but did not receive a response. The hacker then defaced the site, prompting the company to take it offline. Ticketfly is bringing its systems back online for clients (i.e. venues selling their own tickets), though its own website and app remain down for now.