Central Tickets Suffers Major Data Breach, Exposing User Information
In July 2024, Central Tickets, a London-based platform specializing in discounted theatre tickets, encountered a significant data breach that compromised a broad spectrum of personal information for its users. The breach began on July 1, but Central Tickets remained unaware of the incident until September 2024, when the Metropolitan Police reported detecting discussions on the dark web regarding the illegally obtained data.
Central Tickets confirmed that the breach affected a staging database designed for testing, which operated independently from their primary website and application. Nevertheless, the database contained sensitive user information, including full names, email addresses, phone numbers, and hashed passwords, all of which were accessed by an unauthorized individual. The company took immediate action upon discovering the breach, reporting it to the UK Information Commissioner’s Office (ICO) within the mandatory 72-hour timeframe dictated by GDPR.
To mitigate the fallout, Central Tickets quickly secured the compromised database and enforced a mandatory password reset for all users, launching an extensive investigation into the breach’s particulars. In a communication to affected users, CEO Lee McIntosh extended apologies and emphasized the company’s commitment to enhancing its cybersecurity measures to avert future incidents.
While the exact number of affected users has not been disclosed, Central Tickets cautioned that individuals may be susceptible to phishing attempts. The company urged users to exercise vigilance, particularly when confronted with suspicious emails, phone calls, or text messages that could be part of a phishing scheme.
Hackread.com’s investigative team successfully traced the activities of the alleged hacker involved in this breach, known by the alias 0xy0um0m. According to their findings, the hacker gained access to Central Tickets’ systems on July 2, 2024. On that day, the hacker attempted to sell access to the stolen data, including credentials for Central Tickets’ database and infrastructure, for $3,000. Furthermore, in September 2024, the hacker leaked data concerning approximately one million customers, revealing a trove of sensitive information such as full names, IP addresses, admin logs, referral codes, email addresses, phone numbers, password hashes, account creation dates, and records of attended events.
This incident raises alarm within the cybersecurity community, echoing trends seen within the broader ticketing industry, where online platforms have become prime targets for cybercriminals. A notable example occurred in May 2024, when Ticketmaster suffered a significant breach affecting up to 560 million users due to vulnerabilities in a third-party customer support tool.
The Central Tickets breach, though less extensive than the Ticketmaster incident, underscores the pressing need for robust cybersecurity practices across the ticketing sector. These platforms routinely handle sensitive user information, including payment details, making them attractive targets for malicious actors.
From a cybersecurity perspective, this incident highlights a potential failure to prevent initial access, a tactic in the MITRE ATT&CK framework, and to detect the intrusion once it had occurred. The ability to exploit vulnerabilities in staging environments may have allowed unauthorized access without immediate detection, emphasizing the necessity of stringent monitoring and rapid incident response capabilities. Business owners in the sector must prioritize implementing advanced cybersecurity measures, including continuous monitoring for unauthorized access, stringent access controls, and user education, to mitigate the risks posed by these increasingly common threats.
As businesses navigate these challenges, it is essential to recognize the importance of maintaining vigilant cybersecurity practices, especially given the growing sophistication of cyber threats targeting the ticketing industry.