xPayrience is allegedly the victim of a data breach after a threat actor published what they claim is a database affecting approximately 465,000 individuals. The leaked archive purportedly contains customer information, order records, reservation data, and thousands of event tickets from the Canadian ticketing and reservation platform. xPayrience had not issued any public statement at time of publication.
Threat actor claims 465,000 people affected
According to the forum post, the alleged dataset contains approximately 910 MB of data spread across more than 8,400 files in CSV, JSON, JSONL, and PDF formats. The threat actor claims the archive contains approximately 1.76 million records relating to nearly 466,000 individuals.
The alleged dataset reportedly includes:
- Customer names
- Email addresses
- Telephone numbers
- Mailing addresses
- Customer account information
- Order records
- Reservation and ticketing data
- Store and venue information
BreachNews has intentionally withheld potentially sensitive information contained within the published samples and has not independently verified the authenticity of the alleged database.
Thousands of event tickets allegedly included
One of the more unusual aspects of the alleged leak is the inclusion of event tickets. The threat actor claims the archive contains more than 8,400 ticket records and alleges that many remain valid for real-world use.
BreachNews has not attempted to verify whether any tickets remain active and cannot independently confirm the claim. If authentic, organizations using the platform for ticketing and event management could face additional operational risks beyond the exposure of customer information.
Platform serves tourism and event organizations
xPayrience provides online ticketing, reservation, and sales management services for organizations operating in the tourism, attractions, and events sectors. Based on the published samples, the alleged dataset appears to contain records associated with multiple organizations using the platform rather than data belonging solely to xPayrience itself.
The published samples appear to include customer records, order information, and venue-related data. However, the presence of sample data alone does not confirm that the information originated from xPayrience or that unauthorized access to its systems occurred.
Authenticity remains unverified
BreachNews could not independently verify the authenticity of the alleged database or determine whether the information was obtained through unauthorized access to xPayrience systems.
The alleged breach comes amid a steady stream of technology-sector data exposure claims appearing on cybercrime forums, where threat actors increasingly publish or leak purported datasets to support their allegations. Recent examples include the alleged Accenture breach, in which a threat actor claimed to possess source code, cloud credentials, and other internal company data, though those claims also remained unverified.
BreachNews will update this article if xPayrience confirms the incident, disputes the claims, or releases additional information.












