Adele fans who were purchasing tickets for her tour have reported that they were shown both the address and card details of other customers.
Advance tickets were made available just this morning, and it didn’t take long for there to be several reports that fans could see other people’s shopping baskets. This information obviously included extremely personal data, such as address and payment details.
Songkick, a ticketing company, said that due to “extreme load” on the site, people could see the details of other customers.
They said: “Due to extreme load experienced this morning, some of our customers were incorrectly able to preview limited account information belonging to other customers… We take the security of our users and Adele’s fans very seriously, and we apologize for the alarm we have caused to those purchasers who experienced issues.”
“At no time was anyone able to access another person’s password, nor their payment or credit card details (which are not retained by Songkick).”
However, there have been several claims to the contrary. One fan by the name of Kiran Farmah tweeted: “I got through to buying tickets but it came up with someone else’s screen with their card details and home address for SSE.”
Another fan also backed up these claims while speaking to the BBC: “After queuing for an hour and half, we clicked the tickets we wanted [and] got pushed through to another screen but different tickets were selected.”
“We went with these anyway because we thought otherwise we’d lose out. But when we got to the next screen, where you fill in your details, all of the boxes were already filled in with somebody else’s name, somebody else’s address and somebody else’s credit card number.”
Graham Cluely, who works as a security consultant, had said that this definitely sounds like a case of security being breached.
“This is the sort of thing which should be impossible, even if the website is very busy. It sounds like the website [code] has been written insecurely. It’s spitting out other people’s information – information which they would expect to have been kept private.”
He did stress, however, that he was “unsure” if card numbers had been exposed, but urged customers exercise caution.
“If that information could have been exposed, then keep a close eye on your bank account and your credit card statements. Look for unusual activity there and be very wary of unsolicited messages or unusual emails which you might receive.”