A web server of the service turned out to be publicly accessible. It contained 2,600 documents including itineraries and boarding passes. Scanned copies of credit cards (including security code) were also available as well as screenshots of internet banking accounts.
The documents from the German police contained information about cases of credit card fraud.
The badly secured server also contained complaints of travelers, sent to their travel agency or airline.
Complaints have been filed with Dutch and German prosecution services about this ordeal.
It’s clear that web servers of ticket services contain a “treasure trove” of information.
Dutch language news article: