Any feedback about results with different screens would be interesting.

is complete? Thanks a lot.

In any case, ( I checked this with a friend who runs a venue) Ticketweb send full details of customers to the venue. No need to email them via TM’s servers and if that were the case they wouldn’t be able to email the entire database.
(Duh! See Tickets and others would set up as affiliates straight away)

As to whether they could see the data? I think if they were capable of accessing Ticketwebs entire customer database (350,000 emails were sent) they would have no problem accessing the ‘sent data’ and decoding a bit of Base64

I’m no conspiracy theorist but this is what I think (and the reasons I think it)

Ticketweb statement
We have discovered that our TicketWeb UK direct email marketing system was exposed to unauthorised access. As a result, you may have received up to four emails on Saturday.

1) “direct email marketing system” sounds a lot less damaging than the truth which is “customer database” If I was on their direct emailing list I’d have been getting mailouts from them before Saturday.

2) “received up to four emails” This is a very factual/precise piece of info for someone who claims they don’t know what’s going on.

3) The hacking was done by very clever people.
4) The email was not designed to fool anyone with more than one brain cell.

Logical conclusion: Not aimed at Ticketweb and probably not even aimed at Ticketmaster UK. (it was Ticketmaster.com that was hacked)

I think they’ve used Ticketwebs comparatively small database as an illustration of what they are capable of.
Whether its political (someone like Anonymous) revenge or blackmail is anyone’s guess but I’m pretty sure TM know the answer and equally sure they won’t be telling.

So yes. Unsubscribe will remove you from their emailing list and No. It won’t remove you from their database.

Nice article, gin or not….

One lesson to take away is the option to use disposable addresses (such as trashmail) when signing up to sites where you don’t necessarily want to share your real address. The disposable address works long enough to get you through the registration process but expires before you get loads of crud. Of course this won’t work where you /need/ a long term email relationship with a site, but I find it covers 90% of the use cases where some site simply wants to check that I am a person, not a bot.

Cheers

Mick

• What happened is the spammers obtained access to Ticketmaster and managed to send out an email using the Ticketmaster service itself, as if they were a genuine Ticketmaster affiliate.
• We do not know whether email addresses were visible to the spammers when they accessed Ticketmaster. This will (I hope) be one of the key questions that the Information Commissioner asks when talking to the company.
• The malicious site is not actually on a server operated by Ticketmaster. The link takes you through Ticketmaster’s website and redirects you to a separate site. Technical information is in the post I made earlier today.
• There is an unsubscribe link that should remove you from future mailings from Ticketmaster or affiliates.

So yes, whilst you are correct that all companies share/sell data for marketing reasons, that wasn’t the cause of the emails which were sent out on Saturday. It would have happened even if Ticketmaster never sold your details, because the spammers used Ticketmaster to send the email.