Tag: customer data

  • TicketToCash Database Leak Exposes Personal Information of 520,000 Customers

    In an alarming incident, TicketToCash, a prominent online platform for reselling event tickets, has suffered a data breach due to a misconfigured database that exposed sensitive information of approximately 520,000 customers. Cybersecurity researcher Jeremiah Fowler uncovered a 200GB database that was publicly accessible without any password protection. The breach includes not only basic user details like names and email addresses but also partial credit card information and physical addresses related to concert and event tickets.

    Fowler’s investigation revealed that the compromised data contained extensive Personally Identifiable Information (PII) along with financial details. The exposed records included not just customer names and email addresses, but also crucial data such as credit card numbers and home addresses, raising significant concerns regarding privacy and security.

    Despite receiving a disclosure notice from Fowler, TicketToCash’s response was lackluster: the database remained unprotected for four days after the initial warning. According to Fowler, a second alert prompted the company to finally secure the database, but the delay highlights serious lapses in the management of sensitive user data.

    Cybersecurity experts warn that such vulnerabilities can lead to increased risks of phishing, identity theft, and potentially fraudulent activities. Fowler emphasized the long-term implications of the leaked data, citing a report that shows a notable increase in ticket scams affecting consumers in secondary markets, which underscores the urgency for platforms like TicketToCash to bolster their data protection protocols.

    The ownership and management of the breached database remain unclear. It is uncertain whether TicketToCash managed it directly or whether a third-party contractor was involved, which further complicates the question of accountability for handling user data. Users are advised to remain vigilant against potential scams and to update their security measures, including passwords and authentication methods.

  • Data Breach at Europcar Exposes Personal Information of Up to 200,000 Customers

    In a significant security incident, multinational car-rental company Europcar Mobility Group reported a data breach that has exposed personal information of up to 200,000 customers. The breach involved unauthorized access to the company’s GitLab repositories, where source code for its Android and iOS applications, as well as sensitive personal information, was stolen.

    In announcing the breach in late March, the threat actor revealed that they had acquired over 37GB of data, including SQL backups and confidential configurations. The hacker is attempting extortion, threatening to release the sensitive data unless their demands are met. The data includes more than 9,000 SQL files containing personal information, as well as 269 configuration files.

    Europcar Mobility Group, a subsidiary of Green Mobility Holding, operates multiple brands including Europcar, Goldcar, and Ubeeqo. The company serves a large customer base across 140 countries. Following the breach, Europcar is currently assessing the full extent of the damage and is in the process of notifying affected customers.

    Despite the threat actor’s claims, it has been confirmed that not all source code was compromised, with some components remaining untouched. Importantly, more sensitive information such as bank account details or passwords has not been found among the stolen data. The company has also informed the relevant data protection authority about the breach.

    How the threat actor accessed Europcar’s GitLab repositories remains under investigation. Past incidents have shown that many breaches are facilitated by credentials stolen through infostealer compromises. Europcar previously faced a fake breach in which an individual falsely claimed to possess data of nearly 50 million users.