How passwordless authentication would have prevented the Ticketmaster incident

What is open banking? Is it the future of financial services?

Data breaches have become increasingly common, and the Ticketmaster incident is a great example of how vulnerable companies can be when it comes to cybersecurity. In this blog post, we will discuss the famous Ticketmaster data breach and how passwordless authentication could have prevented it from happening.

Stealing passwords to steal artists

It all started when the former employee from a rival business—supposedly the now out-of-business Songkick—obtained multiple sets of usernames and passwords for the software of the victim company. These passwords were then shared with some executives at Ticketmaster, who were encouraged to “screen-grab the hell out of the system.” The ultimate goal was to win back the presale ticketing business for a major artist that was a client of the victim company. As reported by court documents, to do that the executives were effectively “choking off” the victim company and stealing some of their signature clients.

The executives even went so far as to use these passwords to access the software at a Ticketmaster internal summit, in front of at least 14 other Ticketmaster and Live Nation employees, according to the DoJ.

As commented by FBI assistant director William Sweeney Jr. in a statement, “When employees walk out of one company and into another, it’s illegal for them to take proprietary information with them. Ticketmaster used stolen information to gain an advantage over its competition, and then promoted the employees who broke the law.”

The incident had severe consequences for both Ticketmaster and its rival business. Ticketmaster, in particular faced significant financial losses due to legal settlements and reputational damage. Not only they had to pay a $10 million fine, but they also had to introduce a costly compliance and ethics program that prevents and detects hacks and similar episodes.

Passwordless solutions

The incident occurred due to the vulnerability of traditional password-based authentication systems—which are vulnerable to various attacks, including phishing, brute force, and password reuse. In this case, the former employee was able to obtain login credentials because there were passwords to steal in the first place. If the victim company had implemented passwordless authentication solutions, the incident could have been prevented and the company could possibly be still in business. That’s because passwordless solutions remove the human factor from the authentication process, eliminating the risks associated with weak passwords, password reuse, and social engineering attacks. Passwordless authentication solutions offer a more secure alternative by using biometrics or one-time codes sent to a user’s device. In the Ticketmaster case, the employee would not have been able to steal login credentials for the simple fact that there would have been no passwords to steal.

Multi-Pass as a solution for the problem

Kelvin Zero’s Multi-Pass is an excellent example of a passwordless authentication system that could have prevented the Ticketmaster incident. Multi-Pass uses a combination of biometric authentication and device-based authentication to provide a secure and user-friendly authentication experience for employees. Biometric authentication includes face recognition, fingerprint scanning, and voice recognition, while device-based authentication involves verifying the user’s device, making it impossible for attackers to use stolen credentials on another device.

Multi-Pass significantly reduces the risk of data breaches by eliminating the need for passwords. It also provides a more user-friendly experience by eliminating the need for users to remember complex passwords.

Conclusion

The adoption of passwordless authentication can remove the primary vulnerability in handling critical information, thereby protecting businesses from potential revenue loss and reputational damage. Passwordless authentication is more secure, user-friendly, and efficient, and its rapid adoption across many industries signals a future where passwords will be a relic of the past. Now is the time to start thinking about how your business can benefit from adopting passwordless authentication.

The Ticketmaster data breach highlights the importance of secure authentication and the risks associated with password-based authentication systems. Passwordless authentication solutions, such as Kelvin Zero’s Multi-Pass, offer a more secure and user-friendly alternative to traditional password-based authentication systems. By implementing passwordless solutions, companies can significantly reduce the risk of data breaches that turn out to be more expensive as the world increasingly values personal information and business data.