Mix-up on Adele.com Ticket Site Exposes Customer Data
Entertainment // UK and Europe
Fans seeking advance tickets for the songstress’s tour say they saw other people's shopping baskets, including payment details, upon checkout.
Ticketing company Songkick said due to the "extreme load" on the site, some customers could view others' account details.
"At no time was anyone able to access another person's password, nor their payment or credit card details (which are not retained by Songkick)," the outfit said.
Kiran Farmah tweeted, "I got through to buying tickets but it came up with someone else's screen with their card details and home address for SSE.”
Emma Harris told the BBC she had experienced a similar problem.
"After queuing for an hour and half, we clicked the tickets we wanted [and] got pushed through to another screen but different tickets were selected.
"We went with these anyway because we thought otherwise we'd lose out. But when we got to the next screen, where you fill in your details, all of the boxes were already filled in with somebody else's name, somebody else's address and somebody else's credit card number."
Harris said she deleted the other customer's "big, long digit card number" and eventually obtained tickets.
Security consultant Graham Clulely said, "It sounds like the website [code] has been written insecurely. It's spitting out other people's information - information which they would expect to have been kept private."