•   
  •   
  •   

TechnologyExposed database reveals apparent ticket fraud scheme

15:40  11 september  2019
15:40  11 september  2019 Source:   cnet.com

Emmy Nominations: The Good, the Bad and the Just Weird Reveals

Emmy Nominations: The Good, the Bad and the Just Weird Reveals HBO is tops, broadcast networks are hanging on for dear life and the TV Academy gave a second look at a bunch of shows that it had previously overlooked.

The reason: the apparent fraudsters forgot to password-protect their cloud database . Security researchers Noam Rotem and Ran Locar last month found an unsecured database containing records of 17 million emails received by accounts made with the three ticket vendors

Robinhood reveals error that left user passwords exposed . © Provided by CBS Interactive Inc. Researchers found signs of a fraud ring in an The well-laid plan fell apart, however, when a simple cybersecurity mistake revealed the scam. The reason: the apparent fraudsters forgot to password

It was a good plan, as far as frauds go: rip off fans of live performances while simultaneously fleecing some of the internet's biggest ticket vendors, such as Groupon , Ticketmaster and TickPick. The fraudsters create accounts with the ticket sellers and use stolen credit card information to make their purchases. Then, they turn around and resell the tickets to fans, who might not be able to use them if the fraudsters resell them multiple times or the original sale is voided.

Exposed database reveals apparent ticket fraud scheme© Provided by CBS Interactive Inc. Researchers found signs of a fraud ring in an exposed database, they revealed Wednesday. Graphic by Pixabay/Illustration by CNET Exposed database reveals apparent ticket fraud scheme© CNET

Researchers found signs of a fraud ring in an exposed database, they revealed Wednesday.

Whitney Port Reveals She Suffered a Miscarriage

Whitney Port Reveals She Suffered a Miscarriage Whitney Port revealed she suffered a miscarriage while expecting baby No. 2 with her husband, Tim Rosenman. Stars Who Struggled to Conceive Children “This is really hard for me to write,” The Hills: New Beginnings star, 34, captioned a Tuesday, July 23, Instagram post. “Two weeks ago, I had a miscarriage. The amount of various emotions I felt in the past couple weeks have been extreme… from shock to sadness to relief, which then led to guilt for feeling that relief. My identity has been shaken in regards to who as a mom and human being.” View this post on Instagram This is really hard for me to write. Two weeks ago, I had a miscarriage.

Unsecured database reveals sensitive info about movie chain customers. Database exposes names of risky potential bank customers.

The researchers, led by Noam Rotem, have been unable to identify the owner of the database , which is still online and requires no password to access. Exposed database reveals apparent ticket fraud scheme .

The well-laid plan fell apart, however, when a simple cybersecurity mistake revealed the scam. The reason: the apparent fraudsters forgot to password protect their cloud database.

Security researchers Noam Rotem and Ran Locar found last month an unsecured database containing records of 17 million emails received by accounts made with the three ticket vendors, as well as a handful of local venues. Groupon says the records show similarities to a scam the company identified in 2016. The database is no longer online. The researchers don't know who created the database, but believe it was used for criminal activity.

Showtime's Homeland reveals new final season premiere date

Showtime's Homeland reveals new final season premiere date Showtime's Homeland reveals new final season premiere date

Exposed database reveals apparent ticket fraud scheme .

Fake ad blocker extensions used in ad fraud scheme . Exposed database reveals apparent ticket fraud scheme .

"We've worked on many similar database breaches, and certain aspects of this one didn't add up," the researchers wrote. "After contacting Groupon with our concerns, the full extent of what we'd uncovered was revealed."

In a report published Wednesday with software review site vpnMentor, Rotem and Locar outline how they found records of emails, the email addresses and names used to buy the tickets, and other details that would make it simple to identify and remove fraudsters' accounts from a ticket vendor's systems. Anyone visiting the correct IP address could see the data.

The data exposure is more evidence -- if any were needed -- that everyone, even criminals, struggles with cybersecurity. Improperly secured databases have led to the exposure of caches that include children's information, vast swathes of demographic data and health records. The problem usually starts when an organization misconfigures its cloud server, failing to select more private settings when it puts data online.

MoviePass exposed thousands of unencrypted customer card numbers

MoviePass exposed thousands of unencrypted customer card numbers Movie ticket subscription service MoviePass has exposed tens of thousands of customer card numbers and personal credit cards because a critical server was not protected with a password. Mossab Hussein, a security researcher at Dubai-based cybersecurity firm SpiderSilk, found an exposed database on one of the company's many subdomains. The database was massive, containing 161 million records at the time of writing and growing in real-time. Many of the records were normal computer-generated logging messages used to ensure the running of the service — but many also included sensitive user information, such as MoviePass customer card numbers.

The open database , which anyone with the correct IP address could access on a web browser, also exposed information about members of the company's loyalty program, including employment and marital status. Exposed database reveals apparent ticket fraud scheme .

Exposed database reveals apparent ticket fraud scheme . UNICEF data leak reveals personal info of 8,000 online learners.

In this case, the data appeared to be the blueprint of a crime.

At first, Rotem and Locar thought they had found information owned by a legitimate business, like a third-party mailing service used by multiple ticket companies. But soon they saw hints that something was off. First, they realized there was no website for the mailing service. Then they saw the email addresses in the database didn't appear to belong to real people.

Finally, Groupon told the researchers that the data they found was similar to what they'd seen in the 2016 fraud. Almost all of the records in the database were marketing emails from Groupon, which sends frequent emails on deals of the day to users. Groupon said there were about 20,000 email addresses in the exposed dataset, but the total number of emails that related to the purchase of tickets was at most 673.

Groupon declined to confirm whether it was taking any action based on the findings. Ticketmaster didn't respond to requests for comment.

Jack Slingland, vice president of operations at TickPick, didn't comment directly on the researchers' findings but said the company is continually on the alert for fraud activities. He said customers who purchase tickets resold through TickPick are guaranteed comparable tickets if they arrive at the venue and find they've been sold a fraudulent ticket.

However, the guarantee doesn't apply if fraudsters buy tickets from TickPick and then resell them on another ticket-selling site.

Read More

Lori Loughlin Is ‘Absolutely Terrified’ After Being Hit With New Charge .
Lori Loughlin Is ‘Absolutely Terrified’ After Being Hit With New Charge“Lori is absolutely terrified and extremely vulnerable,” a source tells Us Weekly exclusively. “The only hope is that she is acquitted or if she is convicted, the judge will realize the government has been completely overzealous and gives her a very light prison sentence.

—   Share news in the SOC. Networks

Topical videos:

usr: 1
This is interesting!