Sunday, 19 January 2025
25.9 C
Singapore

Hackers bypass Ticketmaster’s barcode system to enable resales on other platforms

Hackers have found a way to bypass Ticketmaster's "nontransferable" tickets, allowing resales on other platforms despite security measures.

Scalpers have discovered a way to bypass the “nontransferable” digital tickets from Ticketmaster and AXS, allowing these tickets to be resold on other platforms. This revelation came from a lawsuit filed by AXS in May against third-party brokers using this method. 404 Media first reported the news.

The beginning of the saga

In February, an anonymous security researcher, Conduition, published technical details on how Ticketmaster generates its electronic tickets. If you’re unaware, Ticketmaster and AXS restrict ticket resales within their platforms, preventing transfers to third-party services like SeatGeek and StubHub. They even stop transfers to other accounts on the same platform for high-demand events.

While the companies claim this is a security measure, they control the resale process entirely. Ticketmaster and AXS create their “nontransferable” tickets with rotating barcodes that change every few seconds, preventing screenshots or printouts from working. This technology is similar to two-factor authentication apps. The barcodes are generated shortly before the event starts, limiting the time they can be shared outside of the apps. This setup locks buyers into the platforms’ resale services, giving Ticketmaster and AXS control over ticketing.

The hackers’ workaround

Hackers have now found a way to bypass this system. Using Conduition’s published findings, they extracted the secret tokens that generate new tickets. They achieved this by using an Android phone with its Chrome browser connected to Chrome DevTools on a desktop PC. They created a parallel ticketing system with these tokens that generates genuine barcodes on other platforms. This allows them to sell working tickets on platforms not approved by Ticketmaster and AXS. Reports indicate that these parallel tickets often work at the event gates.

404 Media reports that AXS’ lawsuit accuses the defendants of selling “counterfeit” tickets, even though they usually work, to “unsuspecting customers.” The lawsuit describes the parallel tickets as being created by mimicking or copying tickets from the AXS platform.

AXS claims it doesn’t know how the hackers are managing this. The possibility of effectively jailbreaking Ticketmaster has proven so lucrative that several brokers have tried to hire Conduition to build ticket-generating systems. Some services already using the researcher’s findings include Secure. Tickets, Amosa App, Virtual Barcode Distribution, and Verified-Ticket.com.

The bigger picture

404 Media’s report provides a detailed look into the technical aspects of what Ticketmaster and AXS are doing to keep their ecosystems under control. Conduition’s findings reveal these companies’ measures to prevent ticket transfers and maintain their monopoly over the resale market.

This situation highlights the ongoing battle between consumers looking for flexibility and companies aiming to retain control over their products. As hackers continue to find ways around these restrictions, it remains to be seen how Ticketmaster and AXS will respond to protect their systems and maintain their business models.

Hot this week

Sterra launches dehumidifiers to improve home comfort and air quality

Sterra introduces the Ray and Titan dehumidifiers, offering advanced humidity control and air purification for healthier, more comfortable homes.

More applicants but harder to hire: LinkedIn highlights hiring challenges in 2025

LinkedIn's 2025 research highlights hiring struggles in APAC, driven by a skills mismatch, rising AI demands, and new tools to address these challenges.

Commvault introduces automated recovery for Microsoft Active Directory amidst growing ransomware threats

Commvault launches automated recovery for Microsoft Active Directory, reducing downtime and improving resilience against growing ransomware attacks.

Perplexity acquires Read.cv, a professional networking platform

Perplexity acquires professional networking platform Read.cv, ending its operations. Users can export data until May 16 as domains shift to Hello.cv.

Nvidia criticises Biden’s AI chip rules while seeking Trump’s support

Nvidia criticises Biden’s new AI chip restrictions, aligning with Trump’s policies while highlighting risks to US innovation and global competitiveness.

ASUS introduces ProArt Display 5K PA27JCV for creative professionals

ASUS unveils the ProArt Display 5K PA27JCV, a 27-inch monitor offering 5K resolution, Delta E<2 colour accuracy, and advanced features for creators.

Character AI tests games on its platform to boost user engagement

Character AI introduces games to its platform to boost user engagement and enhance its entertainment offerings.

Canoo files for bankruptcy, ending seven years of EV innovation

Canoo, a seven-year-old EV startup, filed for bankruptcy and ceased operations after failing to secure funding.

Perplexity acquires Read.cv, a professional networking platform

Perplexity acquires professional networking platform Read.cv, ending its operations. Users can export data until May 16 as domains shift to Hello.cv.