VIDEO: Adele ticket website spits out personal data, and possibly credit card details

Graham Cluley
Graham Cluley
@
@[email protected]
@gcluley

Thousands of fans have been trying to buy tickets for singing sensation Adele’s live concerts, but her website is failing to cope with demand.

Worse still, the site is revealing the personal information of other fans.

Adele ticket website spits out personal data | Graham Cluley

Some are reporting that they are even able to see the credit card details of other purchasers – but even if that’s not correct, the leaking of fans’ names and addresses is bad enough.

Sign up to our free newsletter.
Security news, advice, and tips.

According to BBC News, the ticketing website is being run by a firm called Songkick, who blamed the problems on excessive demand for Adele tickets:

“Due to extreme load experienced this morning, some of our customers were incorrectly able to preview limited account information belonging to other customers. There’s no evidence that this included credit card numbers or passwords. We take the privacy of our users very seriously, and we’re looking further into the matter to ensure it doesn’t happen again.”

The thing is this – if the website had been built properly in the first place, it shouldn’t have been possible for customers to see the details of other purchasers at all – regardless of whether the site was busy or not.

Check out my latest video for more information, and please consider subscribing to my channel if you would like to see more in future.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

One comment on “VIDEO: Adele ticket website spits out personal data, and possibly credit card details”

  1. graphicequaliser

    The way I cope with overly-high demand on our public-facing web server : a simple throttle which checks to see how many requests are pending, and if too many, puts up a screen stating that they try again later when demand abates. These goons look as if they wait for it to crash before they claim there is too much demand! That's cart before the horse if I ever heard of it!

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.