- Ticket To Cash, a ticket reselling website, kept an open database
- It held more than 500,000 customer records
- Among the records were partial credit card data, names, and more
Ticket reselling platform Ticket To Cash kept an unprotected database online, exposing sensitive information on hundreds of thousands of customers, experts have warned.
The database was discovered by cybersecurity researcher Jeremiah Fowler, who managed to get in touch with the company and get the database locked down, sharing the details withVPNMentor.
Ticket To Cash is a resale service site, using a network of thousands of partner resale sites to help users sell their concert, sports, and other tickets quickly.
Keeper is a cybersecurity platform primarily known for its password manager and digital vault, designed to help individuals, families, and businesses securely store and manage passwords, sensitive files, and other private data.
It uses zero-knowledge encryption and offers features like two-factor authentication, dark web monitoring, secure file storage, and breach alerts to protect against cyber threats.
Preferred partner (What does this mean?)View Deal
Partial credit card data
According to Fowler, it kept a non-password-protected, non-encrypted database with 520,054 records, totaling 200 GB in size.
The name of the database indicated that it contained customer inventory files in PDF, JPG, PNG, and JSON formats, Fowler explained.
We don’t know how many of these documents belonged to a single person, therefore it’s difficult to determine how many people are affected. We can assume that it’s no more than 520,000.
A “limited sampling” of the exposed documents determined that the database held “thousands” of concert and live event tickets, proof of ticket transfers, user-submitted screenshots of receipts, and other sensitive files.
Some of the documents even contained parts of people’s credit cards, as well as full names, email addresses, and postal addresses.
This type of information is crucial for cybercriminals, as it allows them to engage in targeted phishing, identity theft, and possibly even wire fraud.
Since Fowler did not say when the database was generated, if you’ve ever used Ticket To Cash before, you should keep a close eye on your banking statements and watch for potentially suspicious transactions.
Fowler said he reached out to Ticket To Cash, but it seems the company never responded. It did, after the second attempt, lock the database down. We don’t know for how long it remained open, or if any threat actors accessed it in the meantime.
You might also like
- Top API testing firm APIsec exposed customer data during security lapse
- Take a look at our guide to the best authenticator app
- We’ve rounded up the best password managers
This post was originally authored and published by from Tech Radar via RSS Feed. Join today to get your news feed on Nationwide Report®.
