Ticketfly, a live event tickets selling service owned by Evenbrite Inc., has been taken offline after a “cyber incident” that involved its site being hacked and customer data stolen.

Billboard reported that customers to the site first noticed it had been defaced at about 9 p.m. PDT Wednesday with a picture of a man wearing a Guy Fawkes mask (pictured) and a message from a hacker called IsHaKdZ.

“Your Security Down im Not Sorry,” the first part of the message read, followed by a link to a yandex.com email address and warning from the hacker claiming access to a database called “backstage” that allegedly includes information relating to Ticketfly users.

No ransom demand was made in the image itself, the implication given the inclusion of the email address and mention data theft would suggest that the hacker was likely looking for a payment in return for the data. CNet later confirmed that a ransom was the motivation behind the attack, saying that it had contacted the hacker, who had said he wanted a payment of 1 bitcoin ($7,500) “to fix the exploit.”

Having been made aware of the hack, Ticketfly took its service offline, replacing the defacement with a message that read that “Following a series of recent issues with Ticketfly properties, we’ve determined that Ticketfly has been the target of a cyber incident.”

“Out of an abundance of caution, we have taken all Ticketfly systems temporarily offline as we continue to look into the issue,” the message continued. “We are working to bring our systems back online as soon as possible. Please check back later.”

Ticketfly has not provided any further information on how the hack took place, but several people are suggesting that access occurred via a WordPress installation that was not up-to-date.

Jamie Schmid, a community evangelist at Sitelock Inc., wrote that “on Tuesday #ticketfly’s #WordPress website was hacked and a database with private user data was leaked for download. Just days after the #GDPR privacy rule went into effect.”

Michael Villado, a self-described “digital Sherlock Holmes” claimed that not only was the WordPress installation hacked, but as a consequence, “all of the user data and site is completely downloadable” via exposed WordPress-related SQL files.

Image: IsHaKdZ