Bots Are Snagging Swiftie Tickets on Ticketmaster, and Your Flash Sales Too

No, you’re not imagining it—bad bots are everywhere—in the news, on Twitter, and they’re not slowing down. As crowds of dedicated fans and loyal customers get denied their hearts’ desires en masse, the masses really start to notice.

In recent years, we’ve seen gamers struggle to snag the newest PS5 console, sneaker heads try to get in on the latest limited-edition shoe drop, and even COVID-19 vaccine appointments get snapped up from patients in need, all thanks to bots. Most recently, Taylor Swift fans (aka “Swifties”) worldwide were left heartbroken when they were unable to beat the scalper bots plaguing Ticketmaster’s site, a frustrating situation for all.   

Why did bots target Ticketmaster (and Taylor)?

While disconcerting, it’s no surprise the bots went after Ticketmaster’s Taylor Swift tickets. Online event ticket sales in 2019 reached $10B, and the global online event ticketing market size is expected to hit $68B by 2025. The high-level ROI tempts more nefarious hackers every day to try gaming the system with “ticket bots” (scalper bots that scoop up huge quantities of tickets to high-value events), so they can resell them at a significant mark up. 

On the other hand, attackers simply looking to cause mayhem or harm the reputation of a competitor may not even sell the tickets. For some bots, the goal is to cause a denial of inventory while malicious actors sit back and watch the chaos unfold. Then, there are the bots that specialize in fake account creation to wreak havoc by committing various types of fraud disguised as real users. However, never before have we seen scalper, ticket, or fake account creation bot activity as widely publicized as the attacks targeting the highly anticipated Taylor Swift Eras Tour ticket sales. 

As the story unfolds according to Ticketmaster, bot activity to the Taylor Swift ticket sales peaked with a “staggering number of bot attacks” among 3.5 billion requests that hit Ticketmaster, causing the site to repeatedly crash. Thousands of fans were unable to get access to the presale group, and ultimately, the general ticket sale had to be canceled. 

The Taylor Swift ticket attack is a prime example of both the increasing sophistication of bots—which even managed to disrupt Ticketmaster’s “Verified Fan” presale—and the massive payday threat actors see in scalping tickets and other in-demand goods like sneakers and game consoles. Unfortunately for Ticketmaster and Swifties around the world, the use of verified accounts was not enough.

When earning potential is high from a premium brand or event, it creates a greater incentive to build and use sophisticated bots. 

As the angry tweets roll in from disgruntled fans, we feel for Ticketmaster and commend the company’s transparency around the issue. It’s becoming harder by the second for online enterprises to keep up with the level of sophistication of bot activity, which is directly correlated with the value attackers can gain from cybercrime. 

Bots continue to serve as an easy attack vehicle for threat actors thanks to bots as a service (BaaS) enabling easy, widespread access to bots and increasing the likelihood of many attacks targeting the same sites at the same time. BaaS strongly contributes to autoscaling for massive bot attacks such as the ones targeting T-Swift’s ticket release. 

What can online businesses take away from Ticketmaster’s Taylor Swift turmoil?

The primary lesson here is to ensure your business and customers are secured by adaptive and thorough bot protection that covers all endpoints across your mobile apps, websites, and APIs. As high profile events and special edition goods inevitably continue to launch, expect bots to make their best attempt at disrupting your sales, creating chaos.

Particularly around the holidays with many flash sales on Black Friday, Cyber Monday, and beyond ahead, it is critical that you prepare to avoid detrimental consequences. In fact,  several ticketing sites have chosen DataDome to protect them. We continue seeing increased interest in bot and online fraud protection from companies running flash sales and holiday specials, indicating increased awareness around bot threats. 

For any inquiries or questions on how you can mitigate risk, reach out to us!