•   
  •   

Tech & ScienceExposed database reveals apparent ticket fraud scheme

16:00  11 september  2019
16:00  11 september  2019 Source:   cnet.com

Amanda Holden surprises fans as she reveals huge career change

Amanda Holden surprises fans as she reveals huge career change Amanda Holden revealed a huge career change on Monday and fans were quick to congratulate her

Exposed database reveals apparent ticket fraud scheme © Provided by CBS Interactive Inc. Researchers found signs of a fraud ring in an exposed database, they revealed Wednesday. Graphic by Pixabay/Illustration by CNET

It was a good plan, as far as frauds go: rip off fans of live performances while simultaneously fleecing some of the internet's biggest ticket vendors, such as Groupon , Ticketmaster and TickPick. The fraudsters create accounts with the ticket sellers and use stolen credit card information to make their purchases. Then, they turn around and resell the tickets to fans, who might not be able to use them if the fraudsters resell them multiple times or the original sale is voided.

Cork camogie star Ashling Thompson reveals regrets over night club assault

Cork camogie star Ashling Thompson reveals regrets over night club assault Cork camogie star Ashling Thompson reveals regrets over night club assault

The well-laid plan fell apart, however, when a simple cybersecurity mistake revealed the scam. The reason: the apparent fraudsters forgot to password protect their cloud database.

Security researchers Noam Rotem and Ran Locar found last month an unsecured database containing records of 17 million emails received by accounts made with the three ticket vendors, as well as a handful of local venues. Groupon says the records show similarities to a scam the company identified in 2016. The database is no longer online. The researchers don't know who created the database, but believe it was used for criminal activity.

Read more: Do you live in a fraud hotspot? (PA Media)

"We've worked on many similar database breaches, and certain aspects of this one didn't add up," the researchers wrote. "After contacting Groupon with our concerns, the full extent of what we'd uncovered was revealed."

Game Of Thrones Script Finally Reveals Why Drogon Melted The Iron Throne

Game Of Thrones Script Finally Reveals Why Drogon Melted The Iron Throne The real reason why Drogon the dragon destroyed the Iron Throne in the last ever episode of Game of Thrones has finally been revealed. 

In a report published Wednesday with software review site vpnMentor, Rotem and Locar outline how they found records of emails, the email addresses and names used to buy the tickets, and other details that would make it simple to identify and remove fraudsters' accounts from a ticket vendor's systems. Anyone visiting the correct IP address could see the data.

The data exposure is more evidence -- if any were needed -- that everyone, even criminals, struggles with cybersecurity. Improperly secured databases have led to the exposure of caches that include children's information, vast swathes of demographic data and health records. The problem usually starts when an organization misconfigures its cloud server, failing to select more private settings when it puts data online.

In this case, the data appeared to be the blueprint of a crime.

At first, Rotem and Locar thought they had found information owned by a legitimate business, like a third-party mailing service used by multiple ticket companies. But soon they saw hints that something was off. First, they realized there was no website for the mailing service. Then they saw the email addresses in the database didn't appear to belong to real people.

Nasa Reveals 'Heavy Metal' Planet Shaped Like a Football With 4,600 Degree Atmosphere

Nasa Reveals 'Heavy Metal' Planet Shaped Like a Football With 4,600 Degree Atmosphere The exoplanet, dubbed WASP-121b, is located around 900 light-years from Earth. According to observations conducted by the Hubble Space Telescope, heavy metals such as iron and magnesium are escaping the planet's upper atmosphere as gases—the first time this phenomenon has been detected in an exoplanet. The fact that these heavy metals can escape as gases can be explained by the incredibly high temperature of the atmosphere—a result of the planet, dubbed WASP-121b, being so close to its host star.

Finally, Groupon told the researchers that the data they found was similar to what they'd seen in the 2016 fraud. Almost all of the records in the database were marketing emails from Groupon, which sends frequent emails on deals of the day to users. Groupon said there were about 20,000 email addresses in the exposed dataset, but the total number of emails that related to the purchase of tickets was at most 673.

Groupon declined to confirm whether it was taking any action based on the findings. Ticketmaster didn't respond to requests for comment.

Jack Slingland, vice president of operations at TickPick, didn't comment directly on the researchers' findings but said the company is continually on the alert for fraud activities. He said customers who purchase tickets resold through TickPick are guaranteed comparable tickets if they arrive at the venue and find they've been sold a fraudulent ticket.

However, the guarantee doesn't apply if fraudsters buy tickets from TickPick and then resell them on another ticket-selling site.

Slideshow: Thirty of the biggest scams in modern history (Stacker)

Paolo From Friends Reveals The Real Story Behind His Italian Lines

Paolo From Friends Reveals The Real Story Behind His Italian Lines The one where he ad-libbed his lines 

Exposed database reveals apparent ticket fraud scheme

MSN UK is committed to Empowering the Planet and taking urgent action to protect our environment. We’re supporting Friends of the Earth to help solve the climate crisis, please give generously here or find out more about our campaign here.

750,000 social welfare claims to be reviewed as part of Government clampdown on fraud.
The Department aims to save €530 million by tackling fraud over the next four years.

—   Share news in the SOC. Networks

Topical videos:

usr: 4
This is interesting!