Central Tickets data breach: what happened, has personal information been stolen and how to protect passwords?
- Central Tickets was the subject of a data breach.
- Company was alerted by the Metropolitan Police after officers spotted chatter on the dark web.
- A ‘staging’ database is said to have been breached in the attack.
A ticketing company has urged customers to consider changing their password after it confirmed it had been the victim of a data breach. Users' personal information may have been among the information stolen from Central Tickets, it has warned.
The platform, which specialises in discount prices for theatre shows in London, confirmed it had suffered a breach in an email to customers this week. The Independent reports that chief executive Lee McIntosh reached out to users after being alerted by Metropolitan Police.
According to Hackread, the exec warned customers that personal information could have been affected - including details such as “names, mobile phone numbers and email addresses”. He also advised that customers may need to consider changing their passwords as well.
What has Central Tickets said about the breach?
The company has admitted that there had been “a data breach” and that customers' personal information may have been compromised as a result. It is believed to have happened on July 1, but Central Tickets only became aware of it in September, when it was alerted by the Metropolitan Police after chatter was spotted on the dark web.
According to The Independent, the firm said a “staging database” which is used for testing purposes had been breached by a “threat actor”. This is said to be different from its main website and app.
Central Tickets has reported the potential breach to the Information Commissioner’s Office (ICO). Mr McIntosh added: “I acknowledge the seriousness of the situation and I would like to offer my unreserved apology to you for any distress or concern this may have caused.”
Should I change my password?
In an earlier email to customers, seen by Hackread, Central Tickets advised that “hashed account passwords” may have also been involved in a potential breach but said these are “encrypted”. However, customers who use the same password for other websites are advised to change it as “a precaution”.
But Central Tickets, after receiving a summary report from an external cybersecurity team, identified the breach as having affected a “staging database” and not its main website and app. However, it is good online safety practice to use different passwords for different websites just in case.
Users were also warned to remain vigilant for scam phone calls and phishing emails following the incident.
How to protect your passwords online?
The experts always advise - as I just did a couple of paragraphs above - that you should use different passwords for each website or log-in. That sounds reasonable in theory, but of course it means you have to remember a whole host of them, and if they include a proper range of letters, characters and numbers that can get tricky fast.
There is a temptation to just take the easy route and use the same or very similar passwords for everything. But before you do that, the National Cyber Security Centre recommends trying out a password manager - which could allow you to have a range of passwords and not constantly lose track of them.
On its website, the NCSC explains: “A password manager (or a web browser) can store all your passwords securely, so you don’t have to worry about remembering them. This allows you to use unique, strong passwords for all your important accounts (rather than using the same password for all of them, which you should never do).”
It also advises that password managers provide the following benefits:
- synchronise your passwords across your different devices, making it easier to log on, wherever you are, and whatever you’re using
- help spot fake websites, which will protect you from phishing attacks
- let you know if you’re re-using the same password across different accounts
- notify you if your password appears within a known data breach so you know if you need to change it
- work across platforms, so you could (for example) use a single password manager that would work for your iPhone and your Windows desktop
The NCSC also “strongly advises” that you turn on two-factor authentication on the password manager account. They add: “This means that even if a cyber criminal knows the ‘master’ password, they still won’t be able to access your password manager account.”
Do you regularly update your passwords and use other safety features for your online accounts? Share your thoughts by emailing me: [email protected].