Top ticket resale platform hit by data breach - over 500,000 customer records leaked online

4 hours ago 9

(Image credit: Shutterstock)

Ticket To Cash, a ticket reselling website, kept an open database
It held more than 500,000 customer records
Among the records were partial credit card data, names, and more

Ticket reselling platform Ticket To Cash kept an unprotected database online, exposing sensitive information on hundreds of thousands of customers, experts have warned.

The database was discovered by cybersecurity researcher Jeremiah Fowler, who managed to get in touch with the company and get the database locked down, sharing the details withVPNMentor.

Ticket To Cash is a resale service site, using a network of thousands of partner resale sites to help users sell their concert, sports, and other tickets quickly.

Partial credit card data

According to Fowler, it kept a non-password-protected, non-encrypted database with 520,054 records, totaling 200 GB in size.

The name of the database indicated that it contained customer inventory files in PDF, JPG, PNG, and JSON formats, Fowler explained.

We don’t know how many of these documents belonged to a single person, therefore it’s difficult to determine how many people are affected. We can assume that it’s no more than 520,000.

A “limited sampling” of the exposed documents determined that the database held “thousands” of concert and live event tickets, proof of ticket transfers, user-submitted screenshots of receipts, and other sensitive files.

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Some of the documents even contained parts of people’s credit cards, as well as full names, email addresses, and postal addresses.

This type of information is crucial for cybercriminals, as it allows them to engage in targeted phishing, identity theft, and possibly even wire fraud.

Since Fowler did not say when the database was generated, if you’ve ever used Ticket To Cash before, you should keep a close eye on your banking statements and watch for potentially suspicious transactions.

Fowler said he reached out to Ticket To Cash, but it seems the company never responded. It did, after the second attempt, lock the database down. We don’t know for how long it remained open, or if any threat actors accessed it in the meantime.

Top API testing firm APIsec exposed customer data during security lapse
Take a look at our guide to the best authenticator app
We've rounded up the best password managers

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read Entire Article