Over the past 10 years Debitsuccess has been providing expert billing services to businesses across Australia. Debitsuccess is now the largest full service direct debit provider in Australasia,…read more
Start-up online ticketing platform investigating ‘potential data leak’
An online ticketing company has moved quickly to fix a "potential data leak" after a university student claimed the personal details of thousands of people had been revealed.
In a statement posted on its website, Get, which has origins going back to 2016 when it was established by a pair of University of NSW commerce students, said it had "immediately acted" following reports of a "potential vulnerability" in its systems.
The statement advised “if we become aware of any specific information which has been compromised we will notify the organisations, their members and report a breach.
"No personal payment information is stored in Get's databases and payments are processed by a secure third-party payment processor, responsible for many of the world's online transactions."
On its website, it told users it was investigating the "potential data leak" and would provide a further update when it became available.
The online ticketing start-up, which originated in Sydney, is used by university clubs and associations to manage memberships and sell tickets to events in four countries.
According to its website, Get has more than 159,000 students from 453 societies and clubs in its community.
University clubs listed on its website include those belonging to the University of Adelaide, UNSW Sydney, the University of Sydney, Macquarie University, the University of Technology and Griffith University.
A spokesperson for Australia's national privacy regulator, the Office of the Australian Information Commissioner (OAIC), said it was aware of reports of a potential data breach involving Get.
As reported by the ABC, the spokesperson advised “while we can't comment on the specifics, we would expect any organisation to act quickly to contain a data breach involving personal information and assess the potential impact on those affected.
"If it's likely to result in serious harm, and the organisation is covered by the privacy act, they must notify the people who are affected and the OAIC as quickly as possible."
In 2018/19, the OAIC received 1,160 reports of data breaches in Australia.
Claims about the system vulnerability emerged over the weekend, after a University of Canberra software engineering student posted on social media.
The student, who asked to remain anonymous, told the ABC he found the data when applying for a club membership, advising that the website “showed a list of all the people that were part of that society, which seemed a bit strange to me.”
He said a quick online search found the personal data of about 200,000 users dating back more than a year, adding "I looked at the information that was being sent from Get to my computer … it's things like name, phone number, date of birth, addresses, student number.
"Having that publicly available is just insane."
Security researcher Troy Hunt told the ABC any personal information could be used for nefarious purposes, including identity theft.
Described the claimed system vulnerability as "egregiously basic", Hunt commented “certainly for someone looking to perform some sort of malicious activity, the more information they can get about someone the better - and certainly there has been quite a lot of personal information leaked by this service.
"I'd be concerned if this was my data. This is information that I would not want to willingly share with other people.
"By the time you match names with phone numbers and addresses and birth dates and things like that, it is a lot of personal information, and remember things like your birthdate are often used as identify verification questions."
Get's predecessor Qnect was established in 2016 by students Daniel Liang (pictured above) and Ryan Chen.
The tech start-up has since expanded to three other countries, and has sold $6.2 million worth of tickets, organisation memberships and merchandise across university campuses.
In a separate incident in May 2017, Qnect users began receiving threatening text messages from a hacking group which called itself RavenCrew.
It threatened to release private data unless it was paid a ransom in Bitcoin.
Liang said at the time the threats were reported to the Australian Federal Police, and moved to reassure users no financial information was accessed as it was stored with a third party.
28th June 2018 - Australian ticket buyers caught in Ticketmaster data breach
11th July 2018 - Ticketmaster Data breach alleged to be part of a wider fraud
6th August 2009 - Hackers force film festival website offline
25th September 2013 - 500,000 Australians a year caught out by online ticket scams
11th January 2019 - ACCC warns against social media ticket scams for sold-out concert tickets
20th August 2019 - Consumer Affairs Victoria issues advice on avoiding ticket scams
12th February 2019 - Further warning to festivalgoers after Perth scammer nets $10,000 from fake tickets
19th March 2018 - LPA launches video to help online ticket buyers avoid scams
8th August 2017 - LPA releases guide to help consumers avoid ticketing scams
27th March 2012 - Ticketing scams affect Singapore attractions
6th April 2017 - Visitor attractions hit by stolen credit card scam
Asking a small favour
We hope that you value the news that we publish so while you're here can we ask for your support?
The news we publish at www.ausleisure.com.au is independent, credible (we hope) and free for you to access, with no pay walls and no annoying pop-up ads.
However, as an independent publisher, can we ask for you to support us by subscribing to the printed Australasian Leisure Management magazine - if you don't already do so.
Published bi-monthly since 1997, the printed Australasian Leisure Management differs from this website in that it publishes longer, in-depth and analytical features covering aquatics, attractions, entertainment, events, fitness, parks, recreation, sport, tourism and venues management.
Subscriptions cost just $90 a year.
Click here to subscribe.
The Complete Guide to Leisure Industry Products & Services.
Vticket Pty Ltd is the Australian and New Zealand distributor for Gateway Ticketing Systems Inc., the world leader in high-speed access control, admission control and ticketing software for the…read more
Ecoline is a highly experienced and skilled company that offers world-first technology in safety, protects the environment and provides a unique and challenging custom-made adventure and educational…read more
Tim Batt Water Solutions are at the very forefront of the commercial aquatic business in Australia, with over 30 years specific experience supplying and installing chemical control and dosing…read more
Vlocker Pty Ltd has been designing, manufacturing, installing and servicing locker systems worldwide since 1995. Vlocker specialises in providing locker solutions to suit client requirements in…read more
Polin was founded in Istanbul in 1976, and has since grown into a leading company in the waterparks industry. Today Polin is one of the world leaders in the design, production, and installation of…read more
NovoFit is an exciting and dynamic new company born from two of Australia’s leading commercial fitness equipment suppliers. NovoFit combines over 45 years of industry expertise, delivering state…read more
BODY BIKE® International is a leading manufacturer of indoor bikes with a 20-year track record of creating the best indoor bikes. Stay connected with Body Bike Australia…read more
get listed with our suppliers directory
Get your business noticed in our targeted directory. Viewed by 10,000 industry professionals per week!