Ticket reselling platform Ticket To Cash kept an unprotected database online, exposing sensitive information on hundreds of thousands of customers, experts have warned.
The database was discovered by cybersecurity researcher Jeremiah Fowler, who managed to get in touch with the company and get the database locked down, sharing the details withVPNMentor. Ticket To Cash is a resale service site, using a network of thousands of partner resale sites to help users sell their concert, sports, and other tickets quickly. According to Fowler, it kept a non-password-protected, non-encrypted database with 520,054 records, totaling 200 GB in size.
Read more…
Source: TechRadar News
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- What Does an Internal Attack Resulting in a Data Breach Look Like in Today’s Threat Landscape?
February 3, 2022
A common scenario is one in which an attacker gains access to an internal network via a compromised workstation that has been infected with malware, invariably via a social engineering email attack. No enterprise is immune to this type of insider attack. We all, at some point, took the bait and clicked unsolicited links masquerading ...
- Telco fined €9 million for hiding cyberattack impact from customers
February 1, 2022
The Greek data protection authority has imposed fines of 5,850,000 EUR ($6.55 million) to COSMOTE and 3,250,000 EUR ($3.65 million) to OTE, for leaking sensitive customer communication due to a cyberattack. As the agency says in an announcement, COSMOTE infringed at least eight articles of the GDPR, including violating its duty to inform affected customers of ...
- Red Cross Begs Attackers Not to Leak 515K People’s Stolen Data
January 20, 2022
The Red Cross is imploring threat actors to show mercy by abstaining from leaking data belonging to 515,000+ “highly vulnerable” people that were stolen from a program used to reunite family members split apart by war, disaster or migration. “While we don’t know who is responsible for this attack, or why they carried it out, we ...
- Former DHS official charged with stealing govt employees’ PII
January 14, 2022
A former Department of Homeland Security acting inspector general pleaded guilty today to stealing confidential and proprietary software and sensitive databases from the US government containing employees’ personal identifying information (PII). 61-year-old Charles Kumar Edwards coordinated the scheme while working for DHS-OIG (Department of Homeland Security, Office of Inspector General) as an employee and acting IG ...
- California town announces data breach involving police department, loan provider
January 10, 2022
Grass Valley, California has announced an extensive data breach involving the Social Security numbers and more of all city employees and vendors — as well as anyone who had their information given to the local police department. The city said in a notice that Social Security numbers, driver’s license numbers, and health insurance information was leaked ...
- FlexBooker apologizes for breach of 3.7 million user records, partial credit card information
January 7, 2022
Scheduling platform FlexBooker apologized this week for a data breach that involved the sensitive information of 3.7 million users. In a statement, the company told ZDNet a portion of its customer database had been breached after its AWS servers were compromised on December 23. FlexBooker said their “system data storage was also accessed and downloaded” as ...