Would-be Desert Extravaganza Attendees Get Burned by Ticket Hackers

About 200 programmers who found a glitch in an online ticketing system for the annual Burning Man desert camping festival cut to the front of the queue.

Burning Man officials say they will find and cancel the rigged ticket orders.

While 80,000 people all over the world waited their turn in a “first come first serve” logjam, the sly software engineers discovered a design flaw on the ticket page that allowed them to generate a spot ahead of everyone else in line. The event’s 40,000 tickets sold out less than an hour after they went on sale Feb. 18

On Feb. 19, Burning Man’s top brass released a statement after compiling technical information from the firm powering the system, Ticketfly. Indeed, hackers had created a backdoor.

According to the statement, “Absolutely no tickets were sold before the sale opened, but they were able to purchase the first batch of tickets when the sale started.”

The speculation is that the scammers discovered a few lines of JavaScript code on the ticketing website that gave preeminent access to tickets three minutes before they officially went on sale at noon on Feb. 18.

“They left code in the page that allowed you to generate the waiting room URL ahead of time,” said Michael Vacirca, a software engineer at a large defense corporation. “If you knew how to form the URL based on the code segment then you could get in line before everyone else who clicked right at noon.”