PlayTicket, a South Korean online ticketing and reservation platform, has allegedly been compromised, resulting in the exposure of significant user and order data. A threat actor on a cybercrime forum has listed a database for sale claiming to contain approximately 210,000 records linked to the domain playticket.co.kr. The breach reportedly involves two separate files—one containing member details and another containing order history—offered for a low price of $150.
According to the actor, the compromised data spans over 64,000 member lines and 152,000 order lines. The allegedly compromised data includes:
-
Full names and nicknames
-
Email addresses (over 59,000 unique emails in the member file)
-
Passwords
-
Phone numbers
-
Dates of birth
-
Physical addresses and zip codes
-
Order history and transaction details
-
Partial credit card numbers (masked in samples)
-
Bank names and payment methods
-
IP codes and device information
