Dodger fan says his tickets were stolen from MLB's Ballpark app
LOS ANGELES (KABC) -- As it heads into playoff season, Major League Baseball is dealing with a flurry of online ticket thefts tied to its Ballpark app.
Across the country, app users are reporting tickets that have disappeared, many times leaving fans stuck outside stadiums turned away or forced to buy new tickets.
"We didn't have the tickets in our account," said Dodger fan Eric Moreno after he checked his app recently.
Moreno says his Ballpark app was hit twice, with someone making off with potentially thousands of dollars worth of tickets.
"It was a three-game series, division team, really important for us in the playoff race, some really good giveaways," Moreno said of one set of stolen tickets. "And all three of them - gone!"
Major League Baseball though says it's not their fault. It's putting the blame on hacks of other online platforms, saying passwords from those apps were most likely used to break into people's MLB apps. The league released a written statement that reads in part:
"There is no evidence that this was a breach of the MLB system.
"There have been widespread reports of significant data breaches on other platforms. Bad actors then have utilized leaked or stolen credentials from other websites in efforts to access the accounts of MLB fans. We are working tirelessly to address this matter and protect our fans. We want all of our fans to have a great experience when they come to the ballpark and we are sorry that some fans have had to deal with an issue related to their tickets."
"Pretty much everyone under the sun has reused the same password on multiple accounts," said cybersecurity expert Anne Cutler, who works for Keeper Security. "So often, if a cybercriminal can find a password online for one account, they can try it against another account and that's how they get in."
Cutler says it's important for people using the Ballpark app to immediately change their password and create one that is unique, lengthy and complex.
But she is also pointing the finger at MLB, saying its password standards are outdated and don't even allow multi-factor authorization, or MFA.
"Users need to be able to have strong, unique passwords. Passkeys should be an option and strong forms of MFA should be available on every single app and website," Cutler said.
As for Moreno, MLB was able to return all the tickets stolen from him, though now he finds himself constantly checking the tickets on his app.
"Every day! I check it every day," he said. "I have to. I want to go to these games. They're coming up next week."
