Ticketmaster Breach May Be Part of Much Larger Scam
In June, Ticketmaster announced a breach that affected 5% of their customers. The company said the breach did not occur on their servers but through Inbenta, which provides AI-powered live chat widgets to the ticket retailer.
However, today, RiskIQ released a report indicating the breach may have been much larger than initially reported. The company, which specializes in digital threat management, said the breach may be part of a much larger attack by a threat group called Magecart. In fact, the breach could affect over 800 e-commerce sites worldwide, according to RiskIQ.
Magecart is a group that digitally skims credit card information from online transactions. They target developers that provide software to larger retailers, such as the chat widget that Ticketmaster uses from Inbenta. The criminals are able to rewrite the software code so payment card details are sent to them instead of the retailer.
Inbenta chief executive Jordi Torras confirmed this is exactly what happened in this breach in a statement published on the company’s website.
“Ticketmaster directly applied the script to its payments page, without notifying our team. Had we known that the customized script was being used this way, we would have advised against it, as it incurs greater risk for vulnerability. The attacker(s) located, modified, and used this script to extract the payment information of Ticketmaster customers processed between February and June 2018.”
RiskIQ stated the breach affected more Ticketmaster users than initially suspected. While the breach was initially believed to be limited to the U.K., RiskIQ said Ticketmaster shoppers in the United States, New Zealand, and several other countries could be at risk.