Ticketcounter is an e-ticketing platform that allows customers, such as zoos, parks, museums and events, provide online tickets.
Initially, it was said that hacker took out the ad because he was afraid it might be noticed by her Dutch Police. However, the scammer told BleepingComputer that he was not afraid of the police but removed the ad, because the Ticketcounter database was sold privately.
According to some samples of the database seen by BleepingComputer, the exposed items may include: full names, addresses e-mail, phone numbers, IP addresses and hashed passwords.
E-ticketing Ticketcounter platform confirmed the breach
Ticketcounter confirmed the violation data. The CEO of the e-ticketing platform, Sjoerd Bakker, stated that there was no proper protection of the staging server and that a cyber criminal managed to download the database with the data of users.
Bakker said shortly after the post about the sale of the database, the hacker also contacted Ticketcounter and asked for seven Bitcoin, or about $ 337.000, to prevent data from being leaked. The criminal said that if Ticketcounter did not give him the cryptocurrencies, he would contact all the partners of the platform to inform them about the data breach.
However, the Ticketcounter had already informed all customers on about infringement and stolen data. As the actual ticket buyers are customers of Ticketcounter customers, each customer of the platform notifies buyers of the breach.
The e-ticketing platform facilitates these breach alerts with lookup widgets, FAQs and e-mail templates that her clients can share with their clients to report the breach.
Since he did not receive Bitcoin, the hacker posted the database to a hacking forum.
Source: Bleeping Computer