Romania’s Electric Castle, Latvia’s Positivus and Austria’s Poolbar are among the major festivals impacted by one of the worst IT outages in history, this weekend.

Last Friday, a faulty security update by cybersecurity firm Crowdstrike caused 8.5 million Microsoft Windows computers to crash around the world, with businesses, banks, hospitals and airlines among the worst-hit.

Thousands of flights were cancelled due to the glitch, causing some artists to miss their scheduled sets at the weekend’s festivals.

Electric Castle’s 10th edition was hit with 14 cancellations by artists including Sleaford Mods, Hospitality Night, Sasha, Dov’è Liana, Jayda G, Ron Trent, Zack Fox, Hoax, PVC, Anais, INJA, Unglued, Voltage and Kings of the Rollers.

“It was crazy… the most difficult edition to handle,” EC’s Renate Rozenberg tells IQ. “We have to admit that what happened on Friday turned us upside down but we are so grateful because, once again, we were shown that we really are a community – not only with our team or the festivalgoers but with the artists and their teams.”

“Everybody tried really hard to solve an unsolvable situation”

“Everybody tried really hard to solve an unsolvable situation but you couldn’t book a new flight or even open airlines’ websites,” she continues. “But the artists were so patient and some even waited in the airport for 12 hours or so. It was amazing how hard they tried to attend the festival.”

A handful of artists even arrived minutes before their sets, according to Rozenberg.

“Nina Kravitz, for example, was supposed to perform on Friday at 11 pm but at 6 pm she was still stuck in an airport. We didn’t know if she would make it but she did at the last minute, and she was there on stage and performing and everything was great.”

While Electric Castle kept all its headliners in place, Latvia’s Positivus wasn’t so lucky. Two of the three headliners, Offset and Nothing But Thieves, were forced to cancel their performances at the festival due to the outage.

“In its sixteen years of existence, the Positivus Festival had never faced such immense challenges as it did yesterday”

“In its sixteen years of existence, the Positivus Festival had never faced such immense challenges as it did yesterday,” organisers wrote on Saturday (20 July).

“Until late [on Friday] night, we were searching for a charter flight to bring Offset from London to Riga,” they explained. “As soon as it became clear that it would not be possible for him to fly on Friday with a special flight, we searched until late into the night for possibilities to fly on Saturday. The technical personnel of the artists were already in the festival area yesterday and ready for the concert. However, the artist himself was so worried about his ability to get back to America that they decided to cancel the show.”

Nothing But Thieves, on the other hand, were unable to transport their large amount of luggage due to issues at the airport and the band’s headlining spot was filled by Benjamin Clementine. All other artists arrived at the festival in Riga.

Friday ticket holders were invited to attend the festival on Saturday.

Elsewhere in Europe, Austria’s Poolbar festival was forced to reschedule Bombay Bicycle Club’s show from Friday to Sunday (21 July), as the band’s flights were affected by the glitch.

Combination tickets to the festival were made valid for Friday and Sunday. Ticket holders who were unable to attend on Sunday could return their tickets to booking offices.

The festival was taking place between 4 July to 11 August in the city of Feldkirch in the Austrian province of Vorarlberg with between 20,000 and 25,000 people.

Get more stories like this in your inbox by signing up for IQ Index, IQ’s free email digest of essential live music industry news.

Live Nation has launched an investigation after confirming that its Ticketmaster subsidiary has suffered a data leak.

It was reported last week that hackers had stolen the personal details of 560 million Ticketmaster customers, with a spokesperson for Australia’s department of home affairs spokesperson saying it was “working with Ticketmaster to understand the incident”.

The ShinyHunters hacking group is said to be demanding a US$500,000 (€462,000) ransom payment for the 1.3 TB of stolen data, which allegedly includes partial credit card details, customer names, addresses and emails.

In a regulatory filing with the US Securities and Exchange Commission (SEC), Live Nation says the hack was detected on 20 May.

“On May 20, 2024, Live Nation… identified unauthorised activity within a third-party cloud database environment containing company data (primarily from its Ticketmaster L.L.C. subsidiary) and launched an investigation with industry-leading forensic investigators to understand what happened,” says the statement.

“On May 27, 2024, a criminal threat actor offered what it alleged to be company user data for sale via the dark web. We are working to mitigate risk to our users and the company, and have notified and are cooperating with law enforcement. As appropriate, we are also notifying regulatory authorities and users with respect to unauthorised access to personal information.

“As of the date of this filing, the incident has not had, and we do not believe it is reasonably likely to have, a material impact on our overall business operations or on our financial condition or results of operations. We continue to evaluate the risks and our remediation efforts are ongoing.”

“AEG has long maintained that Ticketmaster has a monopoly in the US ticketing marketplace”

Meanwhile, AEG Presents CEO Jay Marciano has weighed in on the US Department of Justice’s (DOJ) antitrust lawsuit against Live Nation, branding LN a “monopoly”.

In a memo to staff obtained by Variety, Marciano said: “AEG has long maintained that Ticketmaster has a monopoly in the US ticketing marketplace and uses that monopoly power to subsidise Live Nation’s content businesses, preventing other businesses from competing in those areas and leaving consumers to suffer the consequences.

“As you know, the cornerstone of Live Nation’s monopoly is Ticketmaster’s exclusive ticketing contracts with the vast majority of major concert venues in the United States. These agreements block competition and innovation and result in higher ticketing fees, denying artists the ability to choose who will ticket their shows and how much their fans should pay.”

In response, Live Nation’s Dan Wall says in a statement: “This is why antitrust protects competition, not competitors trying to use the courts to advance their own interests. AEG supports this case — indeed, begged DOJ to file it — because it doesn’t want to pay artists market rates or convince venues to adopt its second-rate ticketing system exclusively.

“Its complaints about service charges are hypocritical since it could lower AXS service charges today if it really cared about that. Self-serving arguments like these are common in antitrust cases, but rightly ignored.”

Live Nation share price has risen slightly today to $US93.74, giving the company a market capitalisation of $21.7 billion.

Get more stories like this in your inbox by signing up for IQ Index, IQ’s free email digest of essential live music industry news.

Australia’s department of home affairs is investigating the alleged theft of the personal details of 560 million Ticketmaster customers by hackers.

The notorious ShinyHunters hacking group is reportedly demanding a US$500,000 (€462,000) ransom payment for the 1.3 TB of stolen data, which is said to include partial credit card details, customer names, addresses and emails.

A department of home affairs spokesperson says it is “working with Ticketmaster to understand the incident”, while the FBI has offered assistance to Australian authorities.

VX-Underground, which describes itself as the largest collection of malware source code, samples and papers on the internet, claims the hack was carried out in April.

Citing “multiple individuals privy to and involved in the alleged Ticketmaster breach”, it tweets: “An unidentified Threat Group was able to get access to Ticketmaster AWS instances by pivoting from a Managed Service Provider.

“We can assert with a high degree of confidence the data is legitimate”

“The Ticketmaster breach was not performed by ShinyHunters group. ShinyHunters is the individual and/or group which posted the auction of the data, they are acting as a proxy for the threat group responsible for the compromise.

“Based on data provided to us by the threat group responsible for the compromise, we can assert with a high degree of confidence the data is legitimate. Date ranges in the database appear to go as far back as 2011. However, some dates show information from the mid-2000s.”

It adds: “The data provided to us, even as a ‘sample’, was absurdly large and made it difficult to review in depth.”

Security researcher Kevin Beaumont tells the BBC: “If Ticketmaster has had a breach of this scale it is important they inform customers but it is important to also consider that sometimes criminal hackers make false or inflated claims about data breaches – so people should not be overly concerned until a breach is confirmed.”

Ticketmaster has been approached for comment on the matter, but is yet to release a statement.

Get more stories like this in your inbox by signing up for IQ Index, IQ’s free email digest of essential live music industry news.

A computer scientist has been sentenced to a month in prison for hacking into the onsale for French metal festival Hellfest.

On 9 October, the man took the festival’s ticketing servers offline by sending 46,000 simultaneous connections to its Weezevent-powered box office, a court in Bobigny, Paris, heard. The man works in cybersecurity and is part of a group of hackers, but had no previous criminal convictions, according to 20 Minutes.

Found guilty of “fraudulent [activities] in an automated data-processing system”, the man was fined, in addition to the one-month jail term. The prosecution had pushed for a three-month suspended sentence.

The hacker told he wanted to buy tickets for Hellfest 2020 without “having to queue”

While the hacker reportedly told police that he wanted to buy tickets for Hellfest 2020 without “having to queue”, festival director Ben Berbaud tells Ouest-France the man did not buy a single pass. (During the half-hour cyberattack, all other buyers were presented with an error page.)

Even with the downtime, the festival sold out all 55,000 three-day passes in an hour and a half.

Hellfest 2020, the 15th edition of the event, takes place 19–31 June 2020. Hellfest 2019 performers included Kiss, Tool, Manowar, Def Leppard, Lynyrd Skynyrd, Whitesnake and Slayer.

Get more stories like this in your inbox by signing up for IQ Index, IQ’s free email digest of essential live music industry news.