What happened in the Atif Aslam concert data breach in Dhaka?

A data breach was reported regarding the upcoming Atif Aslam concert in Dhaka, scheduled for November 29, 2024. A developer identified vulnerabilities on the website of 'Ticket Tomorrow,' the official ticketing partner, which allowed unauthorized access to the entire database, including personal information of ticket holders.

What information was exposed in the Atif Aslam concert data breach?

The exposed information includes names, contact information (e.g., phone numbers, email addresses), and ticket classifications (e.g., front zone, general zone, magical zone). The developer also shared PDF tickets containing sensitive information before removing the data.

How did the developer handle the Atif Aslam concert data breach?

The developer publicly disclosed the security flaw on Facebook, shared a Google Drive link with compromised data, and later removed it, stating that the exposure of the vulnerability would push the company to improve security and prevent scammers from exploiting it.

What actions have been taken by Ticket Tomorrow and concert organizers?

Ticket Tomorrow acknowledged the breach, apologized, and stated that legal action has been initiated against those responsible. Security measures have been reinforced, and approximately 9,800 ticket holders have received new PDF tickets via email, with hard copies still being distributed.

What should attendees do following the Atif Aslam concert data breach?

Attendees are advised to remain vigilant, monitor their personal information for unauthorized use, and be cautious of potential scams or misuse of their data.

What was the response from Triple Time Communications?

Arifa Shobnom, PR and communications director of Triple Time Communications, acknowledged the security oversight, explaining that focus on the event's security led to a lack of attention to the website's security. Efforts have since been made to rectify the situation.

Incident

Data leak at Atif Aslam concert in Dhaka exposes attendee info

published: Oct. 24, 2024

Learn More

A data breach has been reported concerning the upcoming Atif Aslam concert in Dhaka, scheduled for November 29, 2024. A developer identified as "Fardeen Ahmed Cse" disclosed on Facebook that the official ticketing partner, "Ticket Tomorrow," lacked fundamental security measures on its website.

The website vulnerabilities allegedly allow unauthorized access to the entire database, including ticket details and personal information of concert-goers, including:

Names
Contact information (e.g., phone numbers, email addresses)
Ticket classifications (e.g., front zone, general zone, magical zone)

The developer claimed the ability to edit, delete, or generate tickets. He shared a Google Drive link containing compromised data, including PDF tickets with sensitive information. Some individuals confirmed finding their details in the leaked files.

Following the publication, the developer removed the data and stated, "I exposed the security flaw, shared the leaked tickets, and now everyone knows the tickets are accessible to anyone. This makes it harder for scammers to take advantage, and it pushes the company to finally address the issue [which they wouldn't have done if the post hadn't gone viral]."

Arifa Shobnom, PR and communications director of Triple Time Communications, acknowledged the oversight in website security, stating, "We were so focused on ensuring maximum security for the artist and audience that there was a lack of attention towards the security on the site." She noted that approximately 9,800 people had purchased tickets, all of whom have received new PDFs via email, with hard copies still being distributed.

Ticket Tomorrow issued a statement recognizing the breach: "We encountered an issue where some user and ticket data were accessed without authorization. We sincerely apologize for any concern this may have caused. Rest assured, we have already taken legal action against those responsible and have reinforced our safety measures."

Attendees are advised to remain vigilant and monitor their personal information for any unauthorized use.

Data leak at Atif Aslam concert in Dhaka exposes attendee info

Read More
Durex India leaks customer confidential data
Activist group scrapes 300TB from Spotify Music Library
Western Sydney University reports two more security breaches …
Detroit Symphony Orchestra reports data breach
CoinsPaid hacked, over $7m stolen