DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

I know what GoTickets.com did last summer

Posted on November 30, 2012 by Dissent

A few weeks ago, I wrote a blog entry asking how many breaches GoTickets.com had really experienced. At the time, it appeared that they had had one breach in May 2012, which they reported to California (and, as I recently learned, New Hampshire and Maryland), but there was a puzzling report from American Express that suggested that they had had an earlier breach in November 2011.

GoTickets.com never responded to my e-mail inquiry asking them to confirm or clarify the puzzling report.

That November 2011 report is still not clear to me, but in looking into things, I discovered that their May 2012 breach was worse than I originally knew.

Although GoTickets.com does not seem to have updated their June 20, 2012 report to California – the same basic report they sent to New Hampshire and Maryland – they sent two subsequent updates to New Hampshire.  As a reminder, in their June 20th report, they stated that there had been two intrusions – on or around May 22 and May 30 and that there was evidence that at least some customers’ card information had subsequently been misused. In Maryland, 105 customers had made transactions during the critical time periods,  and there was evidence that at least some customers had subsequently experienced card fraud. A smaller number had been affected in New Hampshire.

On August 3,  they notified New Hampshire that they had recently learned that there had been another intrusion – on July 5. GoTickets believes that the July intrusion was likely related to the previous problem.  Although their investigation wasn’t complete by that time, it appeared that a single administrative account had been compromised and malicious files placed on the server that allowed subsequent improper access. Again, there was evidence that the recent intrusion had resulted in misuse of customer card information.  In Maryland, another 40 customers were potentially affected.

On September 4, GoTickets  again updated their situation. In their newest letter to New Hampshire, they reported that on July 24 – the very day they started investigating the July 5 intrusion – they suffered another intrusion. And once again, there was evidence of information misuse.

In response to the security breach, GoTickets implemented more stringent administrative account controls, retired old user accounts, switched to requiring more complex login/passwords that would expire every 90 days, and reduced the number of administrative accounts while isolating the administrative interface and restricting access to one physical location or a VPN.

Hopefully, their efforts were sufficient to plug the hole.

Now if I could just find out what happened last year.

 

Category: Breach IncidentsBusiness SectorHackID TheftU.S.

Post navigation

← GA: Grady Health Systems notifies 900 patients potentially affected by ADPI-Intermedix breach
How many were affected by ADPI-Intermedix breach: help track this breach →

1 thought on “I know what GoTickets.com did last summer”

  1. IA ENG says:
    December 7, 2012 at 7:47 am

    The steps they are taking are better that it was, but it could boild down to some very basic social engineering tactics. There are reports of A LOT of usernames and passwords that have been stolen. All these crooks have to do is locate a name. Then they take that name, nickname or email address and try to use that to gain entry into the place where the person resides.

    I am sure there are MANY people who use their favorite password or scheme on every website they visit. (Somehow I sense a flurry of admins rapid logging in to admin accounts, engaging brains and coming up with a unique password scheme).

    Sometimes crooks aren’t as smart as you think. Make sure your systems are patched. Make your password is ultra strong. Watch your elevated privilege accounts. Passwords are changed frequently – plus they are being audited and monitored on a random basis Elevated accounts Should be limited in nature – Not everyone needs administrative or root access.

    Looking from the outside in, it limits your ability to see what happened. I am sure there are clues. If I was a hacker and wanted in, I would surf to a secure logon area of the site, try the usernames and passwords early in the work day. It looks like it was a sleepy headed attempt to log in and get ignored. The dumb hacker would try that late at night when the person is snoring in their bed.

    It doesn’t take the thinking of a rocket scientist to crack some of these passwords. A determined crook armed with a screen full usernames and passwords that he bought for less than the cost of lunch could easily make a compnay lose million in revenue, pay hefty fines and make people lose their jobs….. all due to the use of a single password over a multitude of websites.

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Almost one year later, U.S. Dermatology Partners is still not being very transparent about their 2024 breach
  • Oklahoma Expands its Security Breach Notification Law
  • Ransomware group Gunra claims to have exfiltrated 450 million patient records from American Hospital Dubai.
  • North Shore University Sleep Disorders Center employee charged with secretly recording patients in restrooms
  • When ransomware listings create confusion as to who the victim was
  • Rajkot civic body’s GIS website hit by cyber attack, over 400 GB data feared stolen
  • Taiwan’s BitoPro hit by NT$345 million cryptocurrency hack
  • Texas gastroenterology and surgical practice victim of ransomware attack
  • Romanian Citizen Pleads Guilty to ‘Swatting’ Numerous Members of Congress, Churches, and Former U.S. President
  • North Dakota Enacts Financial Data Security and Data Breach Notification Requirements

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Florida ban on kids using social media likely unconstitutional, judge rules
  • State Data Minimization Laws Spark Compliance Uncertainty
  • Supreme Court Agrees to Clarify Emergency Situations Where Police Don’t Need Warrant
  • Stewart Baker vs. Orin Kerr on “The Digital Fourth Amendment”
  • Fears Grow Over ICE’s Reach Into Schools
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • She Got an Abortion. So A Texas Cop Used 83,000 Cameras to Track Her Down.

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.