vpnMentor’s research team, led by Noam Rotem and Ran Locar, recently exposed a massive criminal operation that has been defrauding Groupon and other major online ticket vendors since at least 2016.
As part of a larger web mapping research project, we discovered a cache of 17 million emails on an unsecured database. Our initial research suggested the data breach was the result of a vulnerability in a ticket processing platform used by Groupon and other online ticket vendors.
Upon further investigation, however, we began to suspect a wider criminal enterprise might be at play. We’ve worked on many similar database breaches, and certain aspects of this one didn’t add up. After contacting Groupon with our concerns, the full extent of what we’d uncovered was revealed.
The database belonged to a sophisticated criminal network. Since 2016, they have been using a combination of email, credit card, and ticket fraud against Groupon, Ticketmaster, and many other vendors.
Groupon has been trying to shut this operation down ever since it started, but it has proven resilient.
Finding any information on Neuroticket proved difficult. Although it seemed to be a popular piece of software, it didn’t even have a website.
Meanwhile, we began to suspect that many of the email addresses in the database were fake. To test this theory, we randomly selected 10 email addresses and contacted the apparent owners. Only one person replied to us.
At this point, Groupon’s security team linked this database to a criminal network they had been chasing since 2016.
That year, a criminal operation opened 2 million fraudulent accounts on Groupon. With stolen credit cards, they used the accounts to buy tickets on the site and then resold them to innocent people online.
Groupon had been able to close most of the accounts, but not all of them. The operation has remained resilient, despite excellent work by the company. Groupon’s Chief Information Security Officer (CISO) estimates the number of fraudulent accounts in the network we helped uncover to be as high as 20,000.
Working together with our research team, Groupon has been able to analyze the data and finally zero in on the entire criminal network.
From the beginning of this process, Groupon’s CISO has been incredibly co-operative, proactive, and professional. However, at some point they stopped replying, and we were left without answers.