Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label event tickets. Show all posts
ticketing
Cybersecurity Data Breach Digital Security Encryption event tickets Fraud Hacking Identity Theft PII Privacy ticketing

Massive Data Leak Exposes 520,000+ Ticket Records from Resale Platform 'Ticket to Cash'

 

A critical security lapse at online ticket resale platform Ticket to Cash has led to a major data breach, exposing over 520,000 records, according to a report by vpnMentor. The leak was first uncovered by cybersecurity researcher Jeremiah Fowler, who found the unsecured and unencrypted database without any password protection.

The database, weighing in at a massive 200 GB, contained a mix of PDFs, images, and JSON files. Among the leaked files were thousands of concert and live event tickets, proof of transfers, and receipt screenshots. Alarmingly, many documents included personally identifiable information (PII) such as full names, email addresses, physical addresses, and partial credit card details.

Using the internal structure and naming conventions within the files, Fowler traced the data back to Ticket to Cash, a company that facilitates ticket resale through over 1,000 partner websites. “Despite contacting TicketToCash.com through a responsible disclosure notice,” Fowler reported, “I initially received no response, and the database remained publicly accessible.” It wasn’t until four days later, following a second notice, that the data was finally secured. By then, an additional 2,000+ files had been exposed.

The responsible party behind maintaining the database—whether Ticket to Cash or a third-party contractor—remains uncertain. It’s also unknown how long the database was left open or whether it had been accessed by malicious actors. “Only a thorough internal forensic investigation could provide further clarity,” Fowler emphasized.

Ticket to Cash enables users to list tickets without upfront fees, taking a cut only when sales occur. However, the company has faced criticism over customer service, particularly regarding payment delays via PayPal and difficulty reaching support. Fowler also noted the lack of prompt communication during the disclosure process.

This breach raises serious concerns over data privacy and cybersecurity practices in the digital ticketing world. Leaked PII and partial financial information are prime targets for identity theft and fraud, posing risks well beyond the original ticketed events. As online ticketing becomes more widespread, this incident serves as a stark reminder of the need for strong security protocols and rapid response mechanisms to safeguard user data.
Read more »
Subscribe to: Posts (Atom)