The hacker proceeded to publish the personal data for free on a hacker forum. The exposed information would appear to include full names, email addresses, phone numbers, IP addresses, and hashed passwords, as Bleeping Computer reports. This is the type of data collated for each purchaser of tickets.
Looking at the issue from a cybersecurity perspective is Anurag Kahol, who is the CTO and co-founder of Bitglass.
Kahol sees the issue as opening up a continuing cybersecurity issue – a lack of having basic security measures in place. He states: “Leaving a database vulnerable poses a major threat to data security. Plus, data subject wellbeing, regulatory compliance, and brand reputation are also affected. It does not take much effort for outsiders to find unsecured databases and then to access sensitive information. Personal data is precious, and it is imperative that the proper controls are in place to secure it.”
There are solutions readily available fort businesses, says Kahol: “There are now tools designed to detect misconfigurations within IT assets like ElasticSearch databases. Abusing misconfigurations has grown in popularity as an attack vector across all industries.”
It is important not to forget the consequences of such security weaknesses in terms of data control, says Kahol. By this he means: “Even companies with limited IT resources must take full responsibility for securing user data – there is no excuse for negligent security practices such as leaving databases exposed.”
For remediation activities Kahol recommends: “As such, companies must turn to flexible, cost-effective solutions that can prevent data leakage; for example, cloud access security brokers that boast features like cloud security posture management, data loss prevention, user and entity behaviour analytics and encryption of data at rest. With these types of capabilities an enterprise can be certain that its data is truly safe.”