vpnMentor, a popular VPN review website, recently exposed a massive criminal operation that has been defrauding Groupon and other major online ticket vendors since 2016.
vpnMentor’s research project, led by security researchers Noam Rotem and Ran Locar, discovered a breach in a massive database that contained 17 million records and 1.2 terabytes of data. The breach seemed to give access to personal details of anyone purchasing tickets from a website using Neuroticket—a mailing system linked to the database.
The researchers revealed the data breach was the result of a vulnerability in a ticket processing platform used by Groupon and other online ticket vendors. The investigation worked on many similar database breaches, and certain aspects of this one didn’t add up.
“The database belonged to a sophisticated criminal network. Since 2016, they have been using a combination of email, credit card, and ticket fraud against Groupon, Ticketmaster, and many other vendors. Groupon has been trying to shut this operation down ever since it started, but it has proven resilient. Working together with Groupon’s security team, we may now have the key to closing the criminal operation down once and for all,” the research team said.
According to the report, 90 percent of the database involved records from popular coupon and discounts website Groupon, totaling 16 million altogether. This can be explained by Groupon’s newsletters and promotional emails, sent out up to 5 times per day, per customer.
Two of the internet’s biggest ticket vendors, Ticketmaster & Tickpick, were also affected in the incident. The data leak also included many small, independent events spaces, and venues across the U.S., including Pacific Northwest Ballet, Joffrey Ballet, Kansas City Ballet, Dr. Phillips Center in Orlando, Fox Theatre in Georgia, Ballet Austin, and Colorado Ballet, Denver.
Commenting on their discovery, vpnMentor said, “We found this data leak as a part of our ongoing, large-scale web mapping project. Ran and Noam scan internet ports looking for known IP blocks and use these blocks to find holes in a company’s web system. Once these holes are found, the team looks for vulnerabilities that would lead them to a data breach. When they find leaked data, they use several expert techniques to verify the database’s identity.”
“As ethical hackers, we normally reach out to owners of the database or websites affected and outline the security flaws we discover. In this case, we decided to contact Groupon and the other ticket vendors,” vpnMentor added.