A major network error has led to the stealing of Dutch e-ticketing platform Ticketcounter’s data containing 1.9 million unique email addresses.
An unsecured server was accessed by a threat actor, who made an attempt to sell the stolen Ticketcounter database in the black market. It created attention and was immediately reported to take down the post.
Ticketcounter is a company that allows clients to provide online tickets for their venues. Dutch zoos, parks, museums, and other events use the platform to simplify registration and ticket acquisition.
According to reports by BleepingComputer, some of the exposed data include full names, email addresses, phone numbers, IP addresses, and hashed passwords of Ticketcounter customers. It was said that the post was also removed to prevent the authorities from jumping in, especially the Netherlands Police.
However, threat actors said they have ‘no fear of the law enforcement and remove it on the black market to sell the database privately.
Although there were no public announcements made yet, Ticketcounter has reached BleepingComputer and confirmed the breach. CEO Sjoerd Bakker said they have a copy of the database from the Microsoft Azure services to be able to replace it with fake data and prevent threat actors from benefiting from the breach.
Unfortunately, after making a copy of the database, the company didn’t secure it, which led to the exposure of the files. The threat actor easily took notice, downloaded the database, and now accessed all the 1.9 million customer information.
Hackers contacted the company directly, demanding a ransom of seven bitcoins or approximately $337,000 in order to not leak the data. If this ransom isn’t fulfilled, the threat actor warned that it will contact all Ticketcounter partners to notify them of the massive data breach that took place.
The e-ticketing platform was a step ahead of the threat actor, as it had informed all clients and shared what specific information was affected. The company has advised all partners to perform data breach notifications to alert customers.
Ticketcounter is already taking steps to help clients with securing and protecting their information. It has created several resources for facilitating data breach notifications, which include widget FAQs and email templates to learn about the breach.
Few days after not receiving the ransom, the threat actor has released the database on a hacker forum for free. The hacker provided a data breach lookup service to Have I Been Pwned’s Troy Hunt.
