Dutch e-Ticketing platform, Ticketcounter suffered a data breach when a user database containing 1.9 million unique email addresses was stolen from an unsecured staging server.
Ticketcounter allows clients, such as zoos, parks, museums, and events, to provide online tickets to their venue.
A threat actor created a topic on a hacker forum to sell the stolen Ticketcounter database which was immediately taken down, to which the threat actor reported that the database was sold privately.
From the samples of the database, it was found that the exposed data includes full names, email addresses, phone numbers, IP addresses, and hashed passwords.
Ticketcounter has confirmed the data breach and its CEO, Sjoerd Bakker told that they copied a database to a Microsoft Azure server to test an ‘anonymization process’ that replaces personal data with fake data.
Unfortunately, after copying the database, it was not secured properly, and the threat actor was able to download it.
Bakker stated that after the threat actor sold the database, the hacker contacted Ticketcounter and demanded seven bitcoins, or approximately $337,000, not to leak the data. The threat actor also threatened the company that if they do not make a payment, they would contact all of Ticketcounter’s partners to alert them of the breach.
However, Ticketcounter has already informed all its clients and shared what information has been stolen. As the actual ticket buyers are Ticketcounter’s clients’ customers, the individual venues have been advised to perform their own data breach notifications to those affected.
Ticketcounter is creating various resources for his clients to facilitate these data breach notifications. These include lookup widgets, FAQs, and email templates that clients can share with customers to notify about the breach.
When the threat actor did not receive the payment, the database was released for free on a hacker forum.
The stolen database was provided to Have I Been Pwned’s Troy Hunt by the threat actor and added to the data breach lookup service.
The customers who think that they might have been affected can submit their email to Have I Been Pwned to see if it was included in the leaked data.
If it shows that you were affected by this data breach, it is difficult to determine which specific venue/site you have an account. The users therefore must wait until the particular venue discloses the data breach.
The affected users are highly recommended to change their passwords at sites where the same password is used.
Make sure to use a unique password so that a breach at one site does not affect you at other sites.