Monday , July 13 2026
Ticket

Ticket resaler exposed ​​520,054 records size of 200 GB

Cybersecurity researcher Jeremiah Fowler discovered a non-password-protected database with 520,054 records from an event ticket resale platform and reported it to vpnMentor.

The unprotected public database had 520,054 records totaling 200 GB. It was labeled as containing customer inventory files in PDF, JPG, PNG, and JSON formats. A review of the files revealed many concert and event tickets, ticket transfer proofs, and user-submitted receipts. Some documents included partial credit card numbers, full names, email addresses, and home addresses.

Ransomware Crisis in 2026: 5,064 Organizations Affected in 135 Countries

Global ransomware attacks stayed very high in the first seven months of 2026. There were 5,064 confirmed victims in 135...
Read More
Ransomware Crisis in 2026: 5,064 Organizations Affected in 135 Countries

Palo Alto Networks Addresses 13 Vulnerabilities

Palo Alto Networks shared warnings on Wednesday about over twelve security issues in its products. The new warnings include 13 security...
Read More
Palo Alto Networks Addresses 13 Vulnerabilities

Critical Dell BIOS & Zimbra Flaws Expose Enterprise Systems

A critical flaw with how Dell saves BIOS passwords lets anyone quickly recover these passwords from a flash dump without...
Read More
Critical Dell BIOS & Zimbra Flaws Expose Enterprise Systems

CoLoCity Launches New 1.0 MW Data Center Facility at Gulshan

CoLoCity is proud to launch a new Data Center in Gulshan-2. It is designed to meet the growing demand for...
Read More
CoLoCity Launches New 1.0 MW Data Center Facility at Gulshan

Daily Cyber security update for 10. 07. 2026

Cyberattacks are rising around the world, including ransomware, malware, data leaks, and hacked websites. These events show how complex and...
Read More
Daily Cyber security update for 10. 07. 2026

How Hacker Compromise AWS Cloud Environment Using AI in 72 Hours

A major AWS attack shows how attackers with AI can connect known cloud strategies to go from first access to...
Read More
How Hacker Compromise AWS Cloud Environment Using AI in 72 Hours

Mycelium Framework: First AI-as-a-Service Botnet

A new cybercrime ad is catching attention in the security world. It talks about a botnet that doesn't just get...
Read More
Mycelium Framework: First AI-as-a-Service Botnet

CrowdStrike Shows 5 New Prompt Injection Techniques for AI Agents

CrowdStrike has shared five new ways to inject prompts, showing the rising danger to AI agents as more organizations use...
Read More
CrowdStrike Shows 5 New Prompt Injection Techniques for AI Agents

Critical GCP Dialogflow Vulnerability Allows Malicious Code Injection

A critical flaw in Google Cloud Platform’s Dialogflow CX lets attackers add harmful code to a company's AI chatbot system....
Read More
Critical GCP Dialogflow Vulnerability Allows Malicious Code Injection

CIRT identified 153 publicly exposed FortiGate devices in Bangladesh

CIRT identified 153 publicly exposed FortiGate devices in Bangladesh. In an advisory CIRT said, the campaign has been observed globally,...
Read More
CIRT identified 153 publicly exposed FortiGate devices in Bangladesh

Jeremiah Fowler reported that internal files showed the records belonged to Ticket to Cash, an online ticket resale platform. It took several days and a follow-up notice before the database was restricted from public access. During the four days between the initial and second disclosure, over two thousand more records were exposed.

Data exposure involving Personally Identifiable Information (PII) can lead to various malicious activities, with identity theft being the primary concern when sensitive data like SSNs or dates of birth are leaked. Even with just names, email addresses, physical addresses, and partial financial data, scammers can build a fuller profile of victims for ongoing exploitation.

This collage of screenshots shows order summaries and tickets that contain PII and partial credit card numbers.

Jeremiah Fowler said tickets for several thousand dollars that were valid for up to 6-7 months in the future. This could hypothetically provide the financial incentive and enough time for a sophisticated attack on the account, counterfeiting, or other fraudulent activity.

A 2023 LendingTree report revealed that 11% of ticket buyers on secondary markets or unreliable sites were scammed. The Guardian reported a 529% increase in ticket scams in the UK last year, with victims averaging a loss of £110 ($145).

Jeremiah Fowler recommend that individuals who believe they may have been affected by a data breach be vigilant:

Monitor your financial accounts for unusual activity and periodically check your credit reports for any new accounts in your name.

Update passwords for any potentially compromised online accounts, and enable multi-factor authentication (MFA) whenever possible for extra security.

Stay alert for phishing attempts, especially emails about ticket purchases or payment issues. Always verify such messages through official channels, and report any suspicious activity to your bank, credit card provider, or relevant service provider.

TicketToCash.com is an online platform where people can sell tickets for concerts, sports, and theater events. It connects users to over 1,000 resale websites. Sellers can list their tickets for free, but Ticket to Cash takes a commission once a sale is made. If tickets don’t sell, the seller loses the full ticket value.

Check Also

email

Data breach affects 14.2 million email logins across six ISPs

KDDI Corporation, a Japanese telecom company, revealed a data breach. Hackers got into one of …