Central Tickets Data Breach Exposes Sensitive User Information

In a cybersecurity incident, Central Tickets, a UK-based online ticketing platform, has confirmed a data breach that compromised sensitive user information.

The breach, which occurred on July 1, 2024, was only discovered in September after the Metropolitan Police alerted the company to “chatter” on the dark web about the incident.

Central Tickets provides discounted and exclusive access to various events, including theater performances and concerts.

Details of the Breach

According to the post from MonThreat, the breach involved unauthorized access to a staging database used for testing purposes, which was separate from the main website and app.

This database contained personally identifiable information (PII) such as names, email addresses, mobile numbers, and hashed passwords.

The hashed passwords were stored using SHA-1, a weaker hashing algorithm without added salts, posing a significant risk to users.

Additionally, the exposed data included IP addresses, device information, purchase histories, and other internal details.

A threat actor, known by the alias “0xy0um0m,” claimed to have obtained the database and initially attempted to sell it on a dark web forum for $3,000.

The data was later leaked publicly, affecting over 722,860 accounts.

This leak included a trove of data such as full names, email addresses, phone numbers, hashed passwords, account creation dates, and events attended by customers.

Impact and Response

Central Tickets promptly reported the breach to the Information Commissioner’s Office (ICO) within the required 72-hour timeframe, as mandated by GDPR.

The company took immediate action by locking down the compromised database, enforcing a forced password reset for all users, and conducting an in-depth investigation into the breach.

Central Tickets also engaged a third-party Cyber Incident Response (CIR) team to thoroughly investigate their systems and identify vulnerabilities.

CEO Lee McIntosh expressed regret and issued a formal apology, emphasizing the company’s commitment to strengthening its cybersecurity infrastructure to prevent future incidents.

Users were warned about potential phishing attempts and advised to remain vigilant when receiving suspicious communications.

Technical Concerns

The use of unsalted SHA-1 hashes for password storage raises significant security concerns.

SHA-1 is considered a weaker hashing algorithm, and without salt, it becomes easier for attackers to crack the passwords using brute-force methods or rainbow tables.

Users are advised to change their passwords, especially if they use the same passwords across other sites, as a precautionary measure.

Future Measures

Central Tickets has committed to enhancing its overall security measures, including regular security audits and continuous monitoring to protect user data.

The company has engaged an external provider under a three-year contract for expert cyber defense support.

In conclusion, the Central Tickets data breach highlights the importance of robust cybersecurity practices, particularly in the storage and protection of sensitive user data.

As cybersecurity threats continue to evolve, companies must invest in proactive defenses to safeguard customer information and maintain trust in their services.

Also Read:

Global Outage Hits X as Dark Storm Claims Responsibility for DDoS Attack

See more