iStockphoto
Numerous Major League Baseball fans have been the target of hackers who stole their tickets from the MLB Ballpark app and then resold them on sites like SeatGeek and StubHub. Making it even worse, some fans didn’t find out their digital tickets had been stolen until they arrived at the game they were planning to attend.
According to the website promoting the Ballpark app, should keep baseball fans’ “digital tickets secure and accessible” on their smartphones.
The app, which is used by every team in Major League Baseball, is supposed to do this by keeping fans’ “tickets safe with fraud-resistant rotating barcodes stored directly on [their] smartphone for quick and secure entry.” In some cases, iorder to access purchased tickets, users may need to verify their email address to access and manage them. That, apparently, hasn’t stopped some hackers.
Major League Baseball is are aware of the thefts of fans’ tickets through the Ballpark app
“The Ballpark app is operating properly and continues to process tickets for millions of fans who attend MLB games,” the league told The Athletic. “There is no evidence that this was a breach of the MLB system,” the league said. “There have been widespread reports of significant data breaches on other platforms. Bad actors then have utilized leaked or stolen credentials from other websites in efforts to access the accounts of MLB fans.
“We are working tirelessly to address this matter and protect our fans. We want all of our fans to have a great experience when they come to the ballpark and we are sorry that some fans have had to deal with an issue related to their tickets.”
A league source also revealed that the problems began showing up around Labor Day. Major League Baseball now suggests fans change their passwords, but they haven’t widely communicated this to their users, according some fans who spoke to The Athletic.
“We are telling fans to reset their password to a new, unique password that they will not use anywhere else,” MLB said in a statement. “We have taken this step as a precaution in an effort to protect fans and their tickets. Before leaving for the game, fans should check their Ballpark account and/or proactively reset their password. They should log out of all MLB applications and log back in with their updated password.”
Large market teams like the New York Mets and Boston Red Sox are reportedly popular targets for the hackers. The Mets, the Red Sox, StubHub, and SeatGeek either ignored or denied requests for comment or deferred comment to Major League Baseball when asked about the thefts.