Massive data breach exposes security flaws at Atif Aslam concert in Dhaka

A newly created Facebook profile has revealed a major data breach regarding Atif Aslam’s upcoming concert in Dhaka, which will take place on November 29.

The breach has raised concerns about the security of personal data and the overall security of the event titled ‘Magical Night 2.0’ headlined by Atif Aslam.

A self-proclaimed developer ‘Fardeen Ahmed Cse’ claimed yesterday (October 23) that ‘Ticket Tomorrow’, the official ticketing partner for the concert, lacked basic security measures on its website.

The developer alleged that it was able to access the entire database, including ticket details and personal information of concertgoers.

“You could edit, delete or generate tickets for the event,” the developer wrote in his post.

He also questioned the company’s ability to handle security on the day of the event, saying: “If they can’t secure their online audience, I doubt they can handle anything on the day of the event.”

The developer also shared a Google Drive link containing the compromised data, which included tickets in PDF format with the names, contact information and ticket classifications, such as front zone, general zone and magic zone, of concertgoers .

Some people confirmed that they were able to find their data in the leaked files in the comments of the post.

The post quickly went viral and sparked a backlash against the developer for exposing sensitive information.

In response, he deleted the data and wrote: “I exposed the security flaw, shared the leaked entries and now everyone knows that the entries are accessible to anyone. This makes it harder for scammers to take advantage of and push the company to finally address the issue (which they wouldn’t have if the post hadn’t gone viral).”

He further said, “I have removed the data, not because anyone asked me to, but because I feel the point has been made. With this, I support my case.”

The Business Standard was able to reach Arifa Shobnom, director of public relations and communications at Triple Time Communications, who acknowledged that there had been a lack of attention to website security on their part.

He said: “We have been planning to bring Atif since last November, and a lot of effort went into it. “We were so focused on ensuring maximum safety for the artist and the audience that there was a lack of attention to safety on the spot.”

“We don’t anticipate these kinds of problems out of the blue,” he added.

He also said: “This has been really disheartening and we are doing everything we can to deal with the damage. About 9,800 people bought tickets, and they have all received new PDFs by email. We are still in the process of distributing copies in paper.”

Addressing rumors about booking the venue, Shobnom clarified, “I will receive the booking documents today. We have already spoken to the Army Stadium officials and visited the venue.”

Triple Time Communications also announced in a Facebook post: “All purchases have been invalidated due to the recent public event. Our new purchase confirmations will be issued soon and physical tickets will be provided in time.”

Meanwhile, Ticket Tomorrow issued a statement acknowledging the breach: “We encountered an issue where some user and ticket data was accessed without authorization. We sincerely apologize for any concern this may have caused Rest assured, we have already taken legal action against those responsible and strengthened our security measures.”

The developer also disputed the claim that tickets for the event were sold out.

According to him, he could see in the system that the tickets were still available.

“They have posted ‘sold out’ but I can confirm that the tickets are not sold out at all! I deliberately forced them to stop selling tickets, but they will reopen sales later. Right now, they are just taking time out for damage control.” has added