Ticketmaster UK Security Breached: Spilled 40,000 Customers’ Credit Card Details
Ticketmaster UK Security Breached: Spilled 40,000 Customers’ Credit Card Details
Ticketmaster has suffered a security breach, leaving 40,000 UK customers at risk
The ticket sales and distribution company was hacked via malicious software on third-party customer support product Inbenta Technologies at the weekend.
A statement from the company read: “On Saturday, June 23, Ticketmaster UK identified malicious software on a customer support product hosted by Inbenta Technologies, an external third-party supplier to Ticketmaster.
“As soon as we discovered the malicious software, we disabled the Inbenta product across all Ticketmaster websites.
“Less than 5% of our global customer base has been affected by this incident. Customers in North America have not been affected.
“As a result of Inbenta’s product running on Ticketmaster International websites, some of our customers’ personal or payment information may have been accessed by an unknown third-party.”
Information which may have been compromised includes: name, address, email address, telephone number, payment details and Ticketmaster login details.
Tens of thousands of Ticketmaster UK customers are thought to have been directly affected by a data breach at a third-party platform provider of the online ticketing giant.
The firm claimed in a notice explaining the incident that it found malicious software on a customer support product hosted by supplier Ibenta Technologies last weekend.
The malware, which was immediately disabled on discovery, had been exfiltrating data and sending it to an unknown third-party, Ticketmaster added.
Compromised data incudes names, addresses, emails, telephone numbers, payment details and Ticketmaster login details. There’s no information on whether some or all of this data was encrypted.
CHECK YOURSELF
Ticketmaster has contacted customers who may have been affected by the security incident.
UK customers who purchased, or attempted to purchase, tickets between February and June 23, 2018 may be affected as well as international customers who purchased, or attempted to purchase, tickets between September 2017 and June 23, 2018.
If you have not received an email, Ticketmaster does not believe you have been affected by this security incident based on investigations.
“UK customers who purchased, or attempted to purchase, tickets between February and June 23, 2018 may be affected. As a precautionary measure we have also notified international customers who purchased in this period,” the firm noted.
“If you have not received an email, we do not believe you have been affected by this security incident based on our investigations.”
Ticketmaster stated that “less than 5% of our global customer base has been affected by this incident” – but this could still run into the millions given some reports which claim the firm serves over 230 million customers.
It is believed that as many as 40,000 UK customers’ details have been compromised, although no one in North America has been affected.
As a precaution, Ticketmaster is recommending customers monitor their accounts for evidence of fraud/identity theft.
STEPS TAKEN
Forensic teams and security experts are said to be “working around the clock” to understand how the data was compromised.
Ticketmaster said it was working with relevant authorities, as well as credit card companies and banks.
All notified customers will need to reset their passwords when they next log into their accounts.
Ticketmaster is also offering impacted customers a free 12 month identity monitoring service with a leading provider.
Brooks Wallace, head of EMEA for Trusted Knight, warned customers to also be on the lookout for phishing emails using the stolen data, or capitalizing on interest in the incident.
“After an incident like this, criminals from around the world will jump at the chance to try and catch a few unsuspecting people out,” he added. “If you receive any emails purporting to be from Ticketmaster asking for any personal information, discard them. If you need to contact Ticketmaster, type the website address into your browser and log-in that way. It’s better to be safe than sorry.”
Javvad Malik, security advocate at AlienVault, added that the case highlights the issue of supplier risk.
ADVICE TO CUSTOMERS
The ticket provider advises people to monitor account statements for evidence of fraud or identity theft. If you are concerned or notice any suspicious activity on your account, it advises you should contact your bank(s) and any credit card companies.
“It appears as if the attacker was able to break in via a third party, reinforcing the importance of vetting all third parties for the access they require, and to have in place ongoing monitoring and threat detection controls that can raise alerts when a third party is accessing corporate systems,” he argued.
Ticketmaster is also working with the ICO and this case could well be a first major test of the GDPR, depending on when the incident actually occurred.
Only certain UK customers who purchased or attempted to purchase tickets may have been affected by the incident.
As a precaution, Ticketmaster International customers outside the UK are being notified that they will need to reset their passwords when they next log into their accounts. Customers in North America are not affected.
News Source: computing.co.uk, walesonline.co.uk, infosecurity-magazine.com
