Massive ticket fraud scheme targeting Groupon and Ticketmaster uncovered with discovery of unsecured database

Unsecured database containing 17 million email addresses was found to be part of fraud targeting Groupon, Ticketmaster and other online ticket vendors

Researchers at cyber security firm vpnMentor have discovered a massive online ticket fraud targeting Groupon, Ticketmaster and several other ticket vendors for at least three years.

The fraud was uncovered after the research team, led by Ran Locar and Noam Rotem, discovered an unsecured database exposing 17 million email addresses online.

At first, the researchers thought they had found a database owned by a legitimate organisation. But they quickly discovered that the database actually belonged to a criminal network rather than a company.

According to vpnMentor, the gang had collected a large number of emails in the past years, and also created their own email accounts, which were eventually used to create fake accounts on Groupon, and several other online ticket vendors. The fake accounts were linked with stolen credit card details and then used to purchase online tickets from the websites of ticket vendors.

The tickets purchased were eventually sold to fans in order to earn profits. The scheme was running smoothly since 2016, according to researchers, until the cybercriminals made a huge error by leaving the unsecured email database on internet.

In total, the database contained 1.2 terabytes of data, containing personal information of all individuals who purchased tickets from a vendor website that used ticket processing platform Neuroticket.

Nearly 90 per cent of the database records (approximately 16 million) belonged to popular coupon and discounts website Groupon.

The remaining 10 per cent of the database included records from other vendors like Ticketmaster and Tickpick, as well as several local venues, such as Fox Theatre in Georgia, the Pacific Northwest Ballet, and the Colorado Ballet in Denver.

The researchers said they notified Groupon about the findings. The company said that the database discovered was similar to what they had earlier found in the 2016 fraud. The company also stated that the total number of emails present in the exposed dataset and actually related to the purchase of tickets was not more than 673.

In 2016, a large number of Groupon users were left out of pocket after being targeted by hackers.

The hacked users said they lost thousands of pounds after the attackers took over their accounts to buy things like holidays and Playstation games consoles on their accounts.

In March, a study by security researchers at Distil Networks revealed that 'bad bots' account for as much as 40 per cent of the traffic on ticketing websites.

The study claimed that these automated programmes are used by brokers, cybercriminals and hospitality agencies to perform a variety of activities including denial of inventory, scraping seat map inventory, spinning and scalping of tickets, customer account takeover, and committing frauds.