The hacker responsible for the attack has leaked the personal information of Ticketfly users onto a public server, according to Engadget. On Sunday, the San Francisco firm’s parent company, Eventbrite confirmed that information was stolen, but did not disclose the number of customers affected.

Troy Hunt, web security expert and the founder of Have I Been Pwned, a website which allows users to check whether their emails have been leaked, estimates at least 26,151,608 Ticketfly email addresses were found in the files uploaded onto the public server, Engadget reported.

Customers’ passwords and credit card details were seemingly spared from the breach, according to Ticketfly. However, the ticketing site isn’t completely out of the woods yet—the hacker has threatened to upload more private data if ransom demands are not met.

Motherboard reports the hacker had previously notified Ticketfly of a security flaw, proceeding to request a ransom of one bitcoin in exchange for a fix. When the alert was ignored, Ticketfly’s database was infiltrated.

Despite attempts to bring its services back online, Ticketfly is still offline. The ticketing company encourages customers to “keep checking in on your favorite venue/promoters’ websites, social media channels, or box offices” amid the ongoing investigation.

Eventbrite acquired Ticketfly for $200 million last year from music streaming titan, Pandora, with the hopes of boosting its event management and ticketing services.