topic Don't become a Songkick in Industry News https://community.isc2.org/t5/Industry-News/Don-t-become-a-Songkick/m-p/42156#M5240 <P>Songkick&nbsp; sold concert tickets.&nbsp; One of their execs left for a competitor, taking trade secrets and access to Songkick's systems, which Ticketmaster subsequently used in violation of the Computer Fraud and Abuse Act, resulting in Ticketmaster paying both a $110M <A href="https://www.bizjournals.com/losangeles/news/2018/01/15/live-nation-settles-with-songkick-for-110-million.html" target="_blank" rel="noopener">settlement</A> to Songkick and a $10M <A href="https://www.justice.gov/usao-edny/pr/ticketmaster-pays-10-million-criminal-fine-intrusions-competitor-s-computer-systems-0" target="_blank" rel="noopener">federal criminal fine</A>.&nbsp; Songkick however fared even worse.&nbsp; Between the loss of business and the dealing with the legal aspects, they ended up bankrupt and now part of Warner Music.&nbsp;</P><P>&nbsp;</P><P>Apparently, the big things the enabled Tickemaster to succeed was that URLs to pre-release information were protected only by "secret" URLs; future URLs could be predicted by knowing generation algorithm; and that Songkick did not change passwords when the exec left.&nbsp; These all seem pretty much like the things one should learn in security 101.</P><P>&nbsp;</P><P>&nbsp;</P> Tue, 05 Jan 2021 23:15:07 GMT denbesten 2021-01-05T23:15:07Z Don't become a Songkick https://community.isc2.org/t5/Industry-News/Don-t-become-a-Songkick/m-p/42156#M5240 <P>Songkick&nbsp; sold concert tickets.&nbsp; One of their execs left for a competitor, taking trade secrets and access to Songkick's systems, which Ticketmaster subsequently used in violation of the Computer Fraud and Abuse Act, resulting in Ticketmaster paying both a $110M <A href="https://www.bizjournals.com/losangeles/news/2018/01/15/live-nation-settles-with-songkick-for-110-million.html" target="_blank" rel="noopener">settlement</A> to Songkick and a $10M <A href="https://www.justice.gov/usao-edny/pr/ticketmaster-pays-10-million-criminal-fine-intrusions-competitor-s-computer-systems-0" target="_blank" rel="noopener">federal criminal fine</A>.&nbsp; Songkick however fared even worse.&nbsp; Between the loss of business and the dealing with the legal aspects, they ended up bankrupt and now part of Warner Music.&nbsp;</P><P>&nbsp;</P><P>Apparently, the big things the enabled Tickemaster to succeed was that URLs to pre-release information were protected only by "secret" URLs; future URLs could be predicted by knowing generation algorithm; and that Songkick did not change passwords when the exec left.&nbsp; These all seem pretty much like the things one should learn in security 101.</P><P>&nbsp;</P><P>&nbsp;</P> Tue, 05 Jan 2021 23:15:07 GMT https://community.isc2.org/t5/Industry-News/Don-t-become-a-Songkick/m-p/42156#M5240 denbesten 2021-01-05T23:15:07Z