TicketClub Italy Database Offered in Dark Web

A database belonging to TicketClub Italy, a company providing coupons platform for offline purchases, is available for sale on darkweb hacking forums.

TicketClub is an Italian company providing a mobile-based coupons platform for offline purchases. Their clients include Burger King, McDonald’s, Cinecittà World, Rainbow Magicland, and many other enterprises having coupon and loyalty programs.

The platform lists coupons in multiple categories including health, travel, food, services, events. The end-user can download the coupons of interest on the mobile app and show during the checkout at partner stores.

July 19, 2021 – The actor having the alias “bl4ckt0r” has published TicketClub Italy database with over 340,957 users for sale and released several meaningful data dumps which may confirm the breach. The information has been originally published at RaidForums which are known for the illegal selling of any data loss from Internet portals and insecure online services.

The data breach of such a resource having close ties to the victim’s lifestyle may disclose the vital information affecting user’s privacy globally. Having such data and knowing the interests and preferences of potential victims – will be extremely useful for further hypothetical and future phishing and targeted campaigns.

It is worth mentioning the company had also experienced a similar incident back in April 2020 which resulted in 203,859 customer emails being leaked

For today, many of the company’s customers reported their website is not available.

According to Saraj Pant, cyber threat intelligence analyst with Resecurity, Los-Angeles -based cybersecurity company, it is not the first time such resources have been attacked by cybercriminals.

May 2018 – Ticketfly, the indie-focused ticketing service that was purchased by Eventbrite, had also suffered a cyber attack. Ticketfly was defaced by an attacker and was subsequently taken offline. The attacker allegedly requested a ransom to share details of the vulnerability with Ticketfly but did not receive a reply and subsequently posted the breached data online to a publicly accessible location.

Same year – Ticketmaster’s U.K. division was slapped with a $1.65 million fine by the Information Commissioner’s Office (ICO) in the UK, over its data breach that impacted millions of customers.

“Retail, hospitality and brand loyalty programs databases contain vast amounts of consumers’ data which is always in scope of interests of financially-motivated cybercriminals willing to monetize it or sell it on the Dark Web.” – he added.

The editorial was not able to receive any further comment from TicketClub.

About the author: Gene Yoo, Chief Executive Officer (Resecurity, Inc.)

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, TicketClub)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.