Security researchers have discovered a database containing millions of emails and usernames up for sale on the dark web, linked to a well-known UK ticketing provider.
Analysts at Israeli cyber-intelligence firm KELA detected the trove of 4.8 million records, posted to an underground site on July 8. A spokesperson for the company told Infosecurity that they managed to get hold of a sample of 10,000 emails and just 300 (3%) were duplicates.
New user “Jamescarter” is selling the details for $2500, with a .ru contact email. Although the trader claims the email/log-in data comes from a “shopping and forex trading site,” KELA is confident it belongs to customers of a popular ticketing service for live shows based in the UK.
The owners of said email addresses can expect follow-on phishing and potentially credential stuffing attacks if the details are sold.
Although most are from commercial webmail providers, there are also government domains in the haul, potentially putting these high-value accounts at risk of compromise.
Interestingly, the compromised ticketing provider has had its website defaced in the past and was also identified by KELA on a Pastebin list of “websites vulnerable to SQL Injection,” although it’s not known if the two incidents are connected.
Affected users are located mainly in the UK, US, New Zealand, Australia, South Africa, Germany and France, the firm explained.
Credential stuffing alone costs EMEA organizations in the region of $4m each year, according to research from Akamai last year. This was calculated based on the cost of application downtime, loss of customers, extra work for IT security teams and the cost of follow-on fraud.