Data 100,000 Dutch concertgoers by error public
The details of over 250,000 visitors to concerts and festivals is open to the public due to an error of ticketbedrijf Ticketscript.
Ticketscript controls the ticket sales for many concerts and festivals. Due to an error in the database of the company were the full names, email addresses and phone numbers of customers public to view, says RTL Z after examination of beveiligingsonderzoeker Sijmen Ruwhof for the program Ripped off of AVROTROS.
The researcher stumbled upon the leak when he tried to log in the administrator part of the site. That database turned out to be protected with a default user name and password, and Ruwhof unfettered access to the data.
The information of visitors of Amsterdam Dance Event, the Dutch Design Week and the concerts of DJ Martin Garrix. Of the 250,000 leaked data went in over 100,000 cases to data of the Dutch.
The researcher has the leak at Ticketscript reported, and it is now the company poem. The information is according to the lawyer of the ticketbedrijf not by malicious access, only by the beveiligingsonderzoeker.
Troublemakers such information may use, for example, phishing emails or the spread of ransomware. Via the admin section of the site were easily ready-made lists of combinations of names and e-mails will be exported. Because ticket purchases are known, would be attackers are, for example, a fake account can send.