Cybersecurity researcher Jeremiah Fowler discovered a non-password-protected database belonging to Ticket to Cash, an event ticket resale platform. The database exposed 520,054 records, including various personally identifiable information (PII) such as names, email addresses, and partial credit card data. Initially reported without a response, Fowler sent a second notice leading to database restrictions after four days, during which thousands more files were added. The affiliations of Ticket to Cash with the database management remain unclear, raising concerns about data security and potential risks including phishing and identity theft.
The platform Ticket to Cash left a database of over 520,000 records exposed for four days, including sensitive personal information and ticket details.
Personal identifiable information found in the exposed records risks phishing attacks, identity theft, and financial fraud, highlighting the serious implications of such a data breach.
After failing to receive a reply to initial disclosures, researcher Jeremiah Fowler noted that over 2,000 additional files had been added before the database was secured.
It's unclear if Ticket to Cash manages the database directly or through a contractor, raising questions about accountability and data security procedures.
Collection
[
|
...
]