What types of data were exposed in the Ticket to Cash database?

Exposed documents included thousands of concert and live event tickets, proof of ticket transfers, user-submitted screenshots of receipts, partial credit card numbers, full names, email addresses, and home addresses. The database contained files in PDF, JPG, PNG, and JSON formats.

Who owned the exposed database?

It's unclear if the database was owned and managed directly by Ticket to Cash or by a third-party contractor. No definitive ownership information was provided in the disclosure.

How long was the Ticket to Cash database exposed?

The duration of the exposure before discovery is unknown. However, the database remained publicly accessible for several days after the initial disclosure notice was sent.

Has Ticket to Cash provided any further information about the breach?

No other information was disclosed by Ticket to Cash following the security incident and subsequent restriction of access to the database.

How many records were exposed in the Ticket to Cash data breach?

The unprotected database contained 520,054 records belonging to Ticket to Cash users and customers.

Who discovered the Ticket to Cash data breach?

The data breach was discovered by cybersecurity researcher Jeremiah Fowler, who then attempted to responsibly disclose the issue to Ticket to Cash.

Incident

Ticket to Cash data leak exposes over 520,000 records

Q: What security incident was recently discovered related to Ticket to Cash?

Cybersecurity researcher Jeremiah Fowler discovered an unprotected database containing 520,054 records belonging to Ticket to Cash, an online ticket resale platform. The database was publicly accessible and contained sensitive customer information.

Q: How did Ticket to Cash respond to the data breach notification?

Fowler submitted a responsible disclosure notice to TicketToCash.com but did not receive an initial reply. The database remained publicly accessible for several days. During the four days between the first and second disclosure notices, over 2,000 additional files were added to the exposed database. Access to the database was finally restricted only after a second notice was sent.

published: April 30, 2025

Learn More

Cybersecurity researcher Jeremiah Fowler has discovered an unprotected database containing 520,054 records belonging to Ticket to Cash, an online ticket resale platform. The database name indicated it contained customer inventory files in PDF, JPG, PNG, and JSON formats.

Exposed documents included:

Thousands of concert and live event tickets
Proof of ticket transfers
User-submitted screenshots of receipts
Partial credit card numbers
Full names
Email addresses
Home addresses

It's unclear if the database was owned and managed directly by Ticket to Cash or by a third-party contractor. There is no details how long the database had been exposed before its discovery is also unknown.

Fowler submitted responsible disclosure notice was sent to TicketToCash.com but did not receive an initial reply. The database remained publicly accessible for several days. During the four days between the first and second disclosure notices, over 2,000 additional files were added to the exposed database.

Access to the database was finally restricted only after a second notice was sent.

No other information was disclosed by Ticker to Cash.

Ticket to Cash data leak exposes over 520,000 records

Read More
Lost and Found Software tracking site leaks over …
BriansClub.cm card black market hacked, card data reported …
Pi-hole network Ad-Blocker reports data breach exposing 30,000 …
Australian online prescription provider MediSecure hit by massive …
Cyberattack on UK software developer causes data breach …