The size of the database is getting larger too.
More than 500,000 records have been exposed in a data breach of the ticket reseller Ticket to Cash.
According to a disclosure by researcher Jeremiah Fowler, the publicly exposed database was not password-protected or encrypted and contained 520,054 records with a total size of 200 GB.
“In a limited sampling of the exposed documents, I saw thousands of concert and live event tickets, proof of ticket transfers, user-submitted screenshots of receipts, and more,” he said. “Some of these documents contained partial credit card numbers, full names, email addresses, and home addresses.”
Fowler said internal files and folder names indicated the records belonged to Ticket to Cash - an online ticket resale platform - but no response was received to his disclosure, and the database remained open. “It took several days and a second notice before the database was finally restricted from public access and no longer accessible,” he said, pointing out that in the time between his first responsible disclosure notice and the second four days later, the number of exposed records had grown by over two thousand files.
Although the records appeared to belong to Ticket to Cash, it is not known if the database was owned and managed directly by them or by a third-party contractor. It is also not known how long the database was exposed before it was discovered.
Fowler also pointed out that it is not known who owns Ticket to Cash, as the information is not available online and he received no response to his questions by email. “Despite the poor communication the company appears to be moving a large number of tickets,” he said.
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.