The company said earlier that users' email addresses, phone numbers and home and billing addresses were included in the compromised data. A researcher suggested Monday that more than 26 million users were affected; more than 27 million accounts were actually compromised, Ticketfly now admits. However, it points out that customers often use various email addresses to order tickets, so the number of actual people affected is likely lower than that figure.

Ticketfly confirmed payment information and customer passwords were not compromised in the attack. However, it's possible that the hacker grabbed hashed (or scrambled) passwords for venue and promoter accounts. To stay on the safe side, Ticketfly has reset all passwords.