Film festival customer data exposed in hack of third-party ticketing platform

Melbourne International Film Festival organisers are investigating how the personal information of more than 26,000 customers was exposed by a hack of a ticket seller.

Festival organisers on Monday warned past attendees to avoid clicking on any suspicious emails or text messages claiming to be from the festival after a third-party ticketing platform, Ferve Tickets – which MIFF uses to manage ticketing and customer information – was hacked.

While MIFF stressed that complete payment card details were not accessible on the Ferve platform, it said about 26,782 customers might have had their names, email addresses, phone numbers and residential addresses accessed in the hack.

Some MIFF customers received strange emails or prank text messages over the weekend, which raised suspicions that something was amiss. One message reportedly read: “I feel like Miley Cyrus sometimes”. Others simply contained a frowning emoticon.

Ferve Tickets on Monday confirmed the hack to this masthead, and said it took immediate steps to contain the incident as soon as the unauthorised activity was identified.

“Our investigation remains ongoing, and we are working closely with affected clients, cybersecurity specialists and relevant authorities to determine the full scope of the incident,” a Ferve spokesperson said.

“We are continuing to work closely with MIFF and relevant authorities while assessing any additional measures that may be required to further strengthen our systems and processes.”

MIFF said it became aware of the hack last Friday. It said another hack on Saturday meant “some customers received emails or SMS messages sent directly through the system”.

This masthead has seen discussion online about a dark web account that was claiming over the weekend to have details of 340,000 MIFF customers for sale.

However, a festival spokesperson said that figure was incorrect.

“MIFF’s customer database does not contain 340,000 customer records and therefore it is not possible for 340,000 MIFF customer records to have been compromised in this incident,” the spokesperson said.

The festival was currently only aware of 26,782 exposed accounts – about 10 per cent of its total customer database – and was continuing to investigate.

“MIFF has contacted affected customers directly with information about the incident and thesteps being taken in response,” the spokesperson said.

“Based on our current understanding, 26,782 customer records held within the Ferve ticketing platform may have been affected by this incident. We understand customers may be concerned by this incident and si