Ticketcounter Data Stolen From Unsecured Server
Database Stored Information on 1.9 Million
Ticketcounter, a Dutch e-ticketing platform, says a user database containing personal data on 1.9 million individuals was stolen from an unsecured staging server.
Data stolen included names, email addresses, physical and IP addresses, dates of birth, payment histories and in some cases, bank account numbers.
Ticketcounter CEO Sjoerd Bakker says the hacker has repeatedly demanded Ticketcounter pay a ransom, which the company has not paid.
The company says an unauthorized person downloaded a backup of their database at the beginning of August 2020.
Bakker told news site BleepingComputer that Ticketcounter copied a database to a Microsoft Azure server to test an "anonymization process" that replaces personal data with fake data. After the database was copied, it was not secured properly, and the hacker was able to download it, he said.
The hacker demanded seven bitcoins, or approximately $337,000, in exchange for not leaking the data, BleepingComputer reports. The hacker also warned that if Ticketcounter did not make a payment, the hacker would contact all of the company's partners to alert them of the breach.
The data thief created a topic on a hacker forum to sell the stolen Ticketcounter database but quickly took the post down, BleepingComputer reports. The listing was apparently removed because the hacker wanted to sell the database privately, according to the news report.
Once the breach was identified, Ticketcounter says it removed the backup and informed its business customers about the data breach. "We have reported to the Dutch Data Protection Authority," the company says in a statement. "Our business customers have the option to further inform the data subjects whose personal data has been leaked. It is only natural that we deeply regret that the data has been leaked."
Staging Servers Are at Risk
Javvad Malik, security awareness advocate at KnowBe4, says that staging servers or pre-production environments need to be secured to production standards if they have any live data stored within them.
"It can be all too easy to overlook non-production servers as being less of a risk, but any environment that handles actual customer, partner, or other sensitive information needs to be adequately secured," Malik says. "Ticketcounter's response has to be applauded: Not only did the organization not bow in to ransom demands, but it proactively contacted all of its clients and shared what information had been taken."
Beware of Phishing
Sam Curry, chief security officer at Cybereason, says that Ticketcounter customers can expect to receive phishing emails that appear to come from the company or its partners.
"It is crucial that customers are wary of anything they receive from the company or their partners, and call them directly to find out if they are communicating via email. Better to be safe than sorry in these situations," Curry says.