[BreachExchange] Hackers steal personal details of 64, 000 Tomorrowland visitors

Destry Winant destry at riskbasedsecurity.com
Mon Oct 29 23:37:05 EDT 2018


Hackers last week were able to breach computer security at the
Tomorrowland festival organisers, and steal the data of 64,000 people
who signed up for tickets for the 2004 edition.
Tomorrowland is one of the world’s biggest dance festivals, held in a
park near Boom in Antwerp province and attended by thousands of people
from all over the world, some of whom charter planes to come to
Belgium and fully book hotels in Antwerp and Brussels.

The festival has branched out as a result of its success, with
editions now in Brazil and a winter festival to be held in the Alps in
March next year. A spin-off, TomorrowWorld, was held three times in
the state of Georgia in the US.

The 2014 edition was special in that it was the first to be held over
two weekends in July that year, attracting 360,000 visitors in total –
twice as many as in the previous three years and three times as many
as 2010. Tomorrowland’s first edition, in 2005, pulled a crowd of a
mere 9,000 people.

The hackers have now made off with the details filled in by
festival-goers when they applied for tickets online, including names,
addresses, age, postcode and gender. Organisers said no sensitive
information, such as payment details, was obtained.

However the information that was received could be sufficient for the
hackers to use it for identity theft, which in turn is a useful tool
for committing fraud.

“The managers of the Paylogic ticketing system noticed some unusual
activity on an older system,” spokesperson Debby Wilmsen told De
Standaard. “After careful analysis it appeared that an old database
from Tomorrowland 2014 was concerned. The server in question was
immediately taken offline.”

Tomorrowland then informed the privacy commission, responsible for
data protection. Everyone on the 2014 list of ticket-buyers will be
informed of the incident by email. Users are advised to change their
password for the system immediately.

More information about the BreachExchange mailing list