Upon further investigation, however,we began to suspect a wider criminal enterprisemight be at play.
Weve worked on many similar database breaches, and certain aspects of this one didnt add up.
After contacting Groupon with our concerns, the full extent of what wed uncovered was revealed.
Groupon has been trying to shut this operationdown ever since it started, but it has proven resilient.
But rare are these times.
In this case, we initially suspected a vulnerability in Neuroticket, a mailing system linked to the database.
We work hard onpublishing accurate and trustworthy reports,to ensure everybody who reads them understands their seriousness.
This is why we decided to rewrite this whole report, to better reflect our weeks of investigation.
It contained17 million records and 1.2 terabytes of data - a huge amount of information.
The breachseemed to give access to personal details of anyone purchasing tickets from a websiteusing Neuroticket.
Initially, we believed this vulnerability compromised customers on these websites.
The leak included many small, independent events spaces and venues across the USA.
These included:
Two of theinternet’s biggest ticket vendors were also affected:Ticketmaster&Tickpick.
However,90% of the database involved records from popular coupon and discounts website Groupon,totaling 16 million altogether.
Only one person replied to us.
It was then we learned the true nature of our discovery.
Groupon had been able to close most of the accounts,but not all of them.
The operation has remained resilient, despite excellent work by the company.
From the beginning of this process, Groupons CISO has been incredibly co-operative, proactive, and professional.
However, at some point they stopped replying, and we were left without answers.
They would then, according to Groupon,resell these tickets to unsuspecting members of the public.
This is a known issue with many open databases.
It is usually triggered by automated scripts and not manually by humans.
The fraud being perpetrated using this database hasno doubt cost the company significant revenue.
With the entire operation finally exposed, they canshut it down for good.
Upon locating these weak points, the team searches for susceptibilities that could result in a data breach.
When they find leaked data, they use several expert techniques to verify the databases identity.
In this case, we decided to contact Groupon and the other ticket vendors.
We also carry a responsibility to the public.
The purpose of the exercise is to help make the internet safer for everybody.
About Us and Previous Reports
vpnMentoris the worlds largest VPN review website.
Speaking of security and coupons, you may want to check out our “best VPN coupons” page.
We can’t unhack your site, but we can help you protect your PC.
[Publication date: 11.09.2019]
hey, comment on how to improve this article.
