Mookh Africa apologises after 'bot attack' crashes Kenya vs Madagascar CHAN ticket sales

CHAN's ticketing platform, Mookh Africa, has issued a public apology to fans after a system crash on their site left many unable to secure tickets for the quarter-final match between Kenya and Madagascar, slated for Friday at the Moi International Sports Centre, Kasarani in Nairobi.

According to the company, the site was flooded by automated bots as soon as tickets went live at noon, leading to widespread frustration and disappointment among genuine fans.

"We know how important it is for you to have a fair chance at getting tickets, and we’ve heard your frustration loud and clear," the company said in a statement released Tuesday.

"When sales opened at noon, our system was overwhelmed by automated bots, preventing genuine fans from securing tickets as intended. Our team is actively working to stop this so that tickets go to fans, not bots."

Mookh Africa has promised that tickets will be back on sale soon and assured users that stronger technical defenses are being implemented to protect against automated scripts in future sales.

All four group matches involving Harambee Stars have previously sold out, with many fans unable to gain entry despite attending the stadium.

How bots hijack ticket sales

Bots, short for “robots”, are automated software programs designed to rapidly carry out tasks such as buying tickets.

In the ticketing world, scalpers and resellers use them to:

Refresh ticket pages thousands of times per minute

Add tickets to cart and check out faster than any human

Circumvent ticket limits using fake identities or multiple accounts

Hoard tickets to resell later at inflated prices

In high-demand events, bots can snatch up thousands of tickets within seconds, leaving real fans with nothing, and often fueling black-market resale.

Expert: It may not be just bots

To better understand the situation, The Eastleigh Voice spoke to Charles Mwaniki, a Kenyan cybersecurity specialist and software engineer, who believes that bots may not be the only culprit.

"From a technical standpoint, several things could have caused the crash we saw on chan.mookh.com. While bots are certainly a problem, we need to look at the broader picture," Mwaniki said.

He outlines four possible causes of the outage:

Other Topics To Read

• Headlines
• CHAN
• Harambee Stars
• CHAN 2024
• Mookh
• CHAN 2024 tournament
• CHAN 2024 Group A match
• CHAN tickets
• CHAN 2024 quarterfinals
• Mookh Africa apologises after 'bot attack' crashes Kenya vs Madagascar CHAN ticket sales
• Football

DDoS attack (Distributed Denial-of-Service)

"If bots were involved in a coordinated DDoS attack, they could have intentionally flooded the servers with requests, making it impossible for the site to respond. This is different from regular bot purchases; it's designed to crash the site itself."

A DDoS attack can involve thousands (or millions) of fake requests per second, making systems unresponsive and unavailable to legitimate users.

Unexpected traffic spike

"Sometimes, a genuine traffic surge, say, tens of thousands of fans all trying to buy tickets at once, can also crash a system. But usually, if it's just heavy traffic, the site would be slow or return after a short time."

Mwaniki suggests that if this were the case, fans might have seen longer load times but eventually gotten access, not a complete failure.

Intentional takedown by Mookh

"There’s a small possibility the platform itself pulled the plug temporarily, either to reset systems, stop bot activity, or protect backend servers. This is known as a controlled shutdown."

In crisis situations, developers might intentionally take a site offline to patch vulnerabilities or reconfigure capacity.

External hacking or security breach

"It’s also possible that hackers exploited a vulnerability in Mookh's system, not just bots, but actual intruders manipulating data or disabling services. In that case, you'd expect a more prolonged outage or even data exposure."

He clarifies that this is purely speculative, but not impossible, especially given the growing focus on digital event platforms.

Can platforms fight back?

Ticketing platforms worldwide, especially in the UK and the US, are investing in more advanced tools to stop bots and prevent ticket fraud.

These include:

CAPTCHAs to separate humans from bots

Queueing systems that randomise who gets through

Rate limiting to restrict how many times a single user or IP can refresh

Bot-detection algorithms powered by AI

Third-party cybersecurity partnerships

Global leaders like Ticketmaster and Eventbrite spend millions per year combating bots, yet the arms race continues, as bot developers adapt quickly.

What this means for Kenyan fans

The Mookh incident has sparked an outcry online and drawn attention to Kenya’s rapidly evolving live event industry.

“How is this happening? Sasa sisi tumenunua ni bots?” Amina Hassan, an Eastleigh resident said.

She had already bought the ticket.

As major shows increasingly go digital, fans are left competing not just against each other, but also against malicious software.

Mookh Africa says it is working on upgraded protections and will reopen ticket sales soon, promising a fairer process for genuine fans.

In the meantime, experts like Mwaniki urge platforms to adopt proactive cybersecurity practices, including simulated load testing and pre-sale verification systems, to reduce the risk of repeat failures.

“Digital ticketing in Africa is growing, which is a positive step forward. But for a high-profile game like this, better preparation was essential. They knew the match was at home, and demand would be high. Security and system resilience can’t be an afterthought,” Mwaniki said.

“As fans await the reopening of ticket sales, the incident serves as a wake-up call for digital platforms across Africa: in the age of high demand and high stakes, reliability and fairness must go hand in hand,” he said.