Reports emerged this week about a significant data breach tied to the Crazy Cool festival’s ticketing process. Users described a malfunction on the event’s official platform that exposed payment details and personal information from fellow applicants who were attempting to secure wristbands. One participant shared on social media that the site’s error allowed strangers to peek into entries and view other people’s sensitive data. The person noted a recurring problem where every time a user selected the option to view data or view entries, a different set of personal details appeared, indicating a systemic flaw rather than an isolated bug. This incident raised immediate concerns about how sensitive information was being handled during the ticket-buying flow and how quickly it was being rectified by the system operators.
As the site attempted to process registrations for on-site entry, many buyers discovered that their own information was being replaced with data belonging to others. In addition to potential exposure of names and addresses, at least one account reportedly had the ability to alter shipment information for wristbands, which could lead to misrouting or delivery to the wrong recipient. The breach also seemed to affect the integrity of digital tickets, with some users alleging that cards tied to external purchases could be downloaded or reassigned, complicating the process of verifying legitimate buyers at the venue. In response, a wave of concerns prompted affected customers to lodge complaints and request action from the festival organizers and the platform provider. The Spanish Data Protection Agency (AEPD) was engaged to pursue a remedy and to determine the scope of the exposure and the steps needed to safeguard people’s information going forward.
On the technical side, the breach appeared to trigger a chain reaction that forced the event organizers and the ticketing partner to temporarily disable access to the platform in order to prevent further data leakage. By the following day, services were gradually restored, but the disruption underscored the importance of robust identity verification, secure data transmission, and tight access controls in online ticketing ecosystems. Observers noted that similar vulnerabilities could recur with high-demand events, especially when systems rely on large, distributed databases to handle rapid purchases and real-time updates. The situation highlighted the ongoing need for proactive security testing, clear incident response plans, and transparent communication with customers about what data was affected and what mitigation measures would be implemented to prevent recurrence.