Imagine writing you credit card details on the side of a bus. Now write your full name, email address, phone number and date of birth on that bus. Would you allow someone to drive that bus up and down every road in Hong Kong? Maybe no one reads the side of the bus and maybe no one cares, but there is a chance that someone will, and by purchasing a Road to Ultra: Hong Kong (Ultra HK) ticket, there is a chance that someone with bad intentions will see all of that information.
試想像把您的信用卡資料寫在一架巴士上， 您的名字﹑ 電郵﹑ 住址﹑ 出生日期等等之個人資料都寫上那輛巴士上。您會容許他人在香港每一條道路上駕駛它嗎? 也許沒有人會去看，沒有人會去關心那些資料，但是別人看到的機會總是存在的。購買最大型電子音樂會Road To Ultra Hong Kong (Ultra HK) 門票就有機會讓一些有意圖的人看到所有的資料。
If you want to go to Ultra HK, you need to purchase a ticket at http://www.festgroundhk.com. Notice that the url starts with http, not https. This means that the website is not secure. The website is sending your data across the internet without any encryption. If someone is looking at the information being sent on your network, they can read your personal information and card details. This was proved in this post.
It’s not just people on your network that could see your details either. Your credit card details do not go directly from your computer to FestgroundHK servers, they go through more than 10 different networks. This means that if anyone is looking at data on any of those networks, they can see your details. You can use one of the following commands to see the path your information will take on the way to FestgroundHK servers (IP: 18.104.22.168).
不只是在您電腦網絡上的人可以閱讀您的資料，在其他電腦網絡上的人也可以閱讀到。您的信用卡資料並不是直接發送到 FestgroundHK 伺服器，它們會透過多於十個其他不同的電腦網絡來傳送。所以假如有人正在瀏覽任何這些網絡上的數據，他們都可以閱讀到您的資料。您可以利用以下的方法去查看您的資料在到達 FestgroundHK servers (IP: 22.214.171.124) 前的路徑。
Mac / Linux Terminal: traceroute 126.96.36.199
Windows Command Line: tracert 188.8.131.52
Almost half of the world use the internet, which means over 3,500,000,000 people have the potential to see your data and it would be very naive to think that no one is looking. It’s probably safer to write your details on the side of a bus. This website is so unsecure that you web browser will tell you not to enter credit card information. (The image below shows a message from Chrome)
Ultra do not care and they are probably cost cutting, but their cost cutting is going to end up costing you a lot more that the price of a ticket. If someone gets hold of your card details they could empty your bank account or max out your credit limit. It’s safe to assume they are breaking some data protection laws too.
I urge everyone to stop buying tickets until they fix this problem, otherwise you are putting yourself at unnecessary risk. For those that have already purchased tickets, check your bank account to make sure every purchase on your card was made by you and contact your bank to let them know that you used your card on unsecure website, so they can monitor suspicious activity more closely.
Everyone should contact Ultra and FestgroundHK. They will only fix this problem if they are pressured. Email them everyday. Bombard their social media accounts. What they are doing is unacceptable.
每個人都應該聯繫 Ultra 和 FestgroundHK。他們只會在壓力下才解決這個問題。每天給他們發電郵，轟炸他們的社交媒體帳號。因為網絡交易的安全性是中十分重要的，絕對不能接受他們的處理方法。
- Ultra Hong Kong email@example.com
- Ultra Hong Kong Facebook
- Ultra Instagram
- Ultra Twitter
- Festhroundhk.com firstname.lastname@example.org
- Festgroundhk.com technical contact email@example.com
- Festgroundhk.com admin firstname.lastname@example.org
On the home page of the ticketing website it says: “Be Responsible. Think For Yourself And Care For Others.” You should do exactly that. Do not use purchase tickets until the website is fully secured and warn your friends.
Translated by Winco Tang.