Well known Cybersecurity researcher has discovered a significant data leak involving over 500,000 records tied to Ticket to Cash, an online ticket resale platform.
The exposed database, totaling 200GB, was left unsecured and contained highly sensitive details including full names, email addresses, physical addresses, and partial credit card information. Alongside this personal data were thousands of digital ticket files, confirmations of ticket transfers, and user-submitted receipts. The researcher traced the breach back to Ticket to Cash through internal file structures, but his initial attempts to alert the company went unanswered. It took four days and a follow-up notification before the database was finally closed off, during which time even more records were leaked.
At this point, it’s unclear whether the compromised data was directly managed by Ticket to Cash or by an external service provider acting on their behalf. The exposure of such personally identifiable and financial information poses serious privacy concerns, particularly as the use of digital ticketing continues to grow. This breach underscores the urgent need for stronger security measures, faster incident response, and greater transparency to protect users and maintain trust in digital platforms.
