It used to be that to get into any concert or other event, you’d take your ticket to the gate, it would be checked visually, the stub ripped off, and you’d be handed the stub and sent on your way. In the modern, electronic world, now you just walk up, get your ticket scanned, and you’re in—the barcode has replaced holograms and other means of ensuring the authenticity of a ticket. Nowadays, print-at-home tickets are extremely common, which reduces tickets to simple pieces of paper that are presumably secured because of their unique barcode. With a little social engineering and a little bit of luck, that barcode system is what could let you into potentially any concert (or any other event) for free. Keep in mind actually doing this is unethical at the very least, if not immoral and even illegal. This post is simply making an observation and reminding consumers to protect their tickets, not encouraging any wrongdoing.
A lot of people read the “how-to” in the title, and missed the last line of the first paragraph and thought this post was actually encouraging getting in to a show with somebody else’s ticket. That is *not* the point — but rather that it’s so ridiculously easy for someone else that you have to protect yourself (which thankfully is even easier).
People are obsessed with Twitter, Facebook, and every other social networking thing out there, and they love to share their lives with people. Because of that and the ease of sharing photos and videos in such great quality online, they do it for nearly everything. Take for example those concert tickets you ordered online arriving in the mail… you’re excited about them, so you take a picture and tweet it to the world. Now the tickets you paid $50 each for are up for grabs, even though they’re securely snug in your wallet.
At this point, all I’d have to do is take this sample ticket (.pdf) and the picture of the real ticket, open them in an image editor, and paste the real barcode over the sample one. After that, you can change or leave whatever info you’d like, but honestly the person standing there scanning your barcode isn’t going to look at anything beyond where they’re pointing their reader. That’s it. All you need to have is a legit barcode. Now of course this only works if you show up before the other person with the same barcode, because only one of you is getting in unless the person with the authentic tickets can convince the staff otherwise. Because of that, this probably would only work well for general admission events to avoid any potential showdowns at an assigned seat.
I thought of this initially when I saw an ad on craigslist for football tickets, and the guy had included pictures of the tickets as proof he actually had them. Then I was reminded when I saw somebody else tweet a picture of their concert tickets, full barcode and all visible. Then I did searches on twitter for “tickets twitpic” and “tix yfrog” (and other variations of the same using other twitter picture services) and observed at least a dozen tickets in just the first couple pages of results. It was pretty amazing honestly to see how many were out there and realize how easy it would be to attend literally every concert in a given area for free using that method. I imagine using the official Twitter app’s location-based search from your GPS-enabled phone you could find even more, but just searching “[event name] tickets twitpic” would probably be enough.