Burning Man to Cancel Tickets of Cheaters Who Used a Website Hack

Tickets for the annual Burning Man festival in the Nevada desert are in high demand, with over 80,000 people registering for the latest release of 40,000 tickets.

The festival, which started as the burning of a wooden figure on a beach on the summer solstice in 1986, has grown into a yearly event that attracts tens of thousands of people. In the last few years, the event has become increasingly popular among the Silicon Valley set, with attendees including Larry Page, Sergey Brin, Elon Musk, Jeff Bezos and Mark Zuckerberg.

Unfortunately for the thousands of fans who pre-registered to buy tickets but weren’t able to get through the online queue in time, a flaw in the ticketing website permitted some crafty hackers to jump to the front of the line.

After tickets for the event sold out in an hour last Wednesday, Burning Man acknowledged that some people had cut in front of others unfairly when the online sale opened.

In a blog post the next day, Burning Man said about 200 people had exploited a backdoor in the ticketing website to get to the front of the queue. It assured legitimate ticket buyers that the organization was taking steps to address the problem by canceling the illegitimate ticket purchases.

The good news is that we can track them down, and we’re going to cancel their orders. The tickets from those orders will be made accessible in the OMG Sale in August. Of course, steps are being taken to prevent this from happening again in upcoming sales.

Burning Man organized the online sale as “first come, first served,” with a limit of two tickets per person, and required potential buyers to pre-register to receive an email with a link to access the ticketing site. To manage the online sale of the 40,000 available tickets for the 2015 festival (at $390 a pop), Burning Man used the ticketing company Ticketfly.

Yet, according to posters on the Burning Man page on Reddit, a few lines of JavaScript embedded in Ticketfly’s online queue exposed the URL of the site’s ‘waiting room’, allowing anyone who could read the code to jump ahead.

As reported by Wired, knowing the URL for the waiting room permitted people to purchase tickets ahead of the start of the sale at 12:00 p.m. PST, while everyone else had to wait until the start time and click a button to enter the queue.

The type of flaw that let the cheaters generate the waiting room URL is known as an insecure direct object reference, a coding vulnerability that allows an attacker to bypass authorization and access resources directly by modifying the value of a parameter.
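The usual defense against this class of flaw is to authorize the waiting-room request on the server rather than rely on the URL staying hidden. The sketch below is an added example, not Ticketfly's or Burning Man's code; the key, timestamp, buyer ids and function names are all constructed assumptions.

```python
import hashlib
import hmac

# Assumptions (constructed for this example, not taken from the article).
SECRET_KEY = b"constructed-demo-key"       # would come from a secret store
SALE_OPENS_AT = 1_700_000_000              # constructed epoch time of sale start
REGISTERED = {"buyer-1001", "buyer-1002"}  # constructed pre-registration list
TOKEN_TTL = 600                            # seconds a queue token stays valid


def _sign(buyer_id, issued_at):
    """HMAC over the fields the server must be able to trust later."""
    msg = f"{buyer_id}|{issued_at}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def issue_queue_token(buyer_id, now):
    """Hand out a token only to registered buyers, and only once the sale is open."""
    if buyer_id not in REGISTERED or now < SALE_OPENS_AT:
        return None
    return f"{buyer_id}|{now}|{_sign(buyer_id, now)}"


def enter_waiting_room(token, now):
    """Check every waiting-room request; knowing the URL alone grants nothing."""
    if now < SALE_OPENS_AT:
        return False, "sale not open"
    try:
        buyer_id, issued_raw, sig = token.split("|")
        issued_at = int(issued_raw)
    except (AttributeError, ValueError):
        return False, "malformed token"
    expected = _sign(buyer_id, issued_at)
    # Constant-time comparison so the signature cannot be guessed byte by byte.
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return False, "bad signature"
    if buyer_id not in REGISTERED:
        return False, "not registered"
    if issued_at < SALE_OPENS_AT or issued_at > now or now - issued_at > TOKEN_TTL:
        return False, "token outside sale window"
    return True, buyer_id
```

With a check like this, a request that reaches the waiting-room URL before the start time, or without a server-issued token, is rejected regardless of how the URL was discovered.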
