In May 2025, a cybersecurity researcher uncovered a significant data breach involving the ticket reseller platform Tickettocash. An unsecured database exposed over 500,000 records containing sensitive customer information.

Key Findings

Exposed Data: The breach included personally identifiable information (PII) such as full names, email addresses, phone numbers, and physical addresses. Additionally, payment details like credit card information and transaction histories were accessible.

Security Oversight: The database lacked basic security measures, such as password protection and encryption, allowing unauthorized access to the data.

Potential Risks: The exposed information could be exploited for various malicious activities, including identity theft, financial fraud, and phishing attacks.

Response and Mitigation

Upon discovery, vpnMentor promptly notified Tickettocash about the vulnerability. The company responded swiftly by securing the database and launching an internal investigation to assess the breach’s scope and impact.

Recommendations for Affected Users

If you have used Tickettocash for purchasing tickets, consider the following steps:

Monitor Financial Statements: Regularly check your bank and credit card statements for any unauthorized transactions.

Change Passwords: Update your passwords for Tickettocash and any other accounts where you use similar credentials.

Be Vigilant Against Phishing: Be cautious of unsolicited emails or messages requesting personal information or containing suspicious links.