Scalpers have found a way to bypass Ticketmaster and AXS’s restrictions on ticket resales by using a security researcher’s discoveries. This loophole was brought to light in a lawsuit filed by AXS against third-party brokers who were taking advantage of this method. The story began when an anonymous researcher, known as Conduition, shared the technical details of how Ticketmaster generates its digital tickets. Ticketmaster and AXS typically lock ticket resales within their own platforms to prevent transfers to third-party services like SeatGeek and StubHub. They even go as far as prohibiting transfers to other accounts on the same platform for high-demand events.
While the companies argue that this practice is for security reasons, it also conveniently allows them to have control over the resale of tickets. Ticketmaster and AXS use rotating barcodes that change frequently, similar to two-factor authentication apps, making it difficult to take screenshots or print out the tickets. The codes are generated shortly before the event, limiting the window for sharing them outside the official apps. This strategy effectively locks ticket buyers into using the platforms’ resale services, giving them complete control over the entire ticketing process.
Hackers have capitalized on Conduition’s findings by extracting the platforms’ secret tokens that generate new tickets. By creating a parallel ticketing system, they are able to regenerate authentic barcodes on unauthorized platforms, allowing them to sell functional tickets where Ticketmaster and AXS do not permit. These parallel tickets reportedly work at the event gates, despite being labeled as “counterfeit” by AXS in their lawsuit against the brokers. The court documents suggest that the hackers are accessing and replicating tickets from the AXS platform without authorization.
AXS claims they are unaware of how the hackers are bypassing their system. The potential to circumvent Ticketmaster’s restrictions has led brokers to seek out Conduition’s help in creating their own ticket-generating platforms. Some services, like Secure.Tickets, Amosa App, Virtual Barcode Distribution, and Verified-Ticket.com, are already operating based on the researcher’s findings. For those interested in the technical aspects, Conduition’s research sheds light on the inner workings of the ticketing giants and how they maintain control over the ticketing ecosystem.
404 Media’s in-depth coverage of the issue provides further insights into the ongoing battle between ticketing platforms and those seeking to bypass their restrictions. The story serves as a reminder of the challenges faced in regulating ticket resales and the lengths to which some are willing to go to exploit the system for their gain.
