From NextGov:

In case you missed our coverage this week in ThreatWatchNextgov’s regularly updated index of cyber breaches: 

Mix-up on Ticket Site Exposes Customer Data

Fans seeking advance tickets for the singer’s tour say they saw other people’s shopping baskets, including payment details, upon checkout.

Ticketing company Songkick said because of the “extreme load” on the site, some customers could view others’ account details.

“At no time was anyone able to access another person’s password, nor their payment or credit card details (which are not retained by Songkick),” the outfit said.

Kiran Farmah tweeted, “I got through to buying tickets but it came up with someone else’s screen with their card details and home address.”

Emma Harris told the BBC she had experienced a similar problem:

“After queuing for an hour and half, we clicked the tickets we wanted [and] got pushed through to another screen but different tickets were selected. We went with these anyway because we thought otherwise we’d lose out. But when we got to the next screen, where you fill in your details, all of the boxes were already filled in with somebody else’s name, somebody else’s address and somebody else’s credit card number.”

Security consultant Graham Cluley said: “It sounds like the website [code] has been written insecurely. It’s spitting out other people’s information — information which they would expect to have been kept private.” 

Ex-Roadrunner Wireless Engineer Allegedly Hacked His Former Employer – Even After Arrest

Gordon Logan is accused of hacking into the servers at Roadrunner Wireless Internet Service, where he…

Continue Reading