Central Tickets reports data breach exposing user data
Learn More
Central Tickets, a discount theatre ticketing platform, is reporting a data breach that exposed the personal information of its users.
The breach occurred on July 1, 2024, but the company only became aware of it in September, after being alerted by the Metropolitan Police about discussions on the dark web. The breach affected a staging database used for testing purposes, which was isolated from the main website and app. Central Tickets reported the incident to the Information Commissioner’s Office (ICO) on September 13, 2024.
The compromised data includes:
- Names
- Email addresses
- Mobile numbers
- Hashed passwords
No details are disclosed about the nature of the attack or the number of affected individuals. The countermeasures taken indicate that the staging database was exposed or passwords to it have leaked.
The company has taken measures to secure the system, including locking down the affected database, enforcing a password reset, and auditing its IT infrastructure. Users have been warned to remain vigilant for phishing attempts.
Update - Hackread.com tracked the hacker responsible for the breach, known by the alias 0xy0um0m. The hacker gained access to Central Tickets’ systems on July 2, 2024, and attempted to sell the stolen data for $3,000, offering access to the company’s database and infrastructure. By September 2024, 0xy0um0m had leaked the personal information of 1 million users on Breach Forums. The leaked data included:
- Full names,
- IP addresses,
- Admin logs,
- Referral codes,
- Email addresses,
- Phone numbers,
- Password hashes,
- Account creation dates,
- Events attended by customers, and additional internal data.
