Ticketmaster Breach May Be Part of Much Larger Scam

Ticketmaster Breach May Be Part of Much Larger Scam

July 10, 2018         Written By John H. Oldshue

In June, Ticketmaster announced a breach that affected 5% of their customers. The company said the breach did not occur on their servers but through Inbenta, which provides AI-powered live chat widgets to the ticket retailer.

However, today, RiskIQ released a report indicating the breach may have been much larger than initially reported. The company, which specializes in digital threat management, said the breach may be part of a much larger attack by a threat group called Magecart. In fact, the breach could affect over 800 e-commerce sites worldwide, according to RiskIQ.

Magecart is a group that digitally skims credit card information from online transactions. They target developers that provide software to larger retailers, such as the chat widget that Ticketmaster uses from Inbenta. The criminals are able to rewrite the software code so payment card details are sent to them instead of the retailer.

Inbenta chief executive Jordi Torras confirmed this is exactly what happened in this breach in a statement published on the company’s website.

“Upon further investigation by both parties, it has been confirmed that the source of the data breach was a single piece of JavaScript code, that was customized by Inbenta to meet Ticketmaster’s particular requirements. This code is not part of any of Inbenta’s products or present in any of our other implementations.

“Ticketmaster directly applied the script to its payments page, without notifying our team. Had we known that the customized script was being used this way, we would have advised against it, as it incurs greater risk for vulnerability. The attacker(s) located, modified, and used this script to extract the payment information of Ticketmaster customers processed between February and June 2018.”

RiskIQ stated the breach affected more Ticketmaster users than initially suspected. While initially believed to be limited to the U.K., RiskIQ said Ticketmaster shoppers in the United States, New Zealand, and several other companies could be at risk.

The information contained within this article was accurate as of July 10, 2018. For up-to-date
information on any of the terms, cards or offers mentioned above, visit the issuer's website.


About John H. Oldshue

John Oldshue is the creator of LowCards.com. He worked for over 15 years in television and won an Emmy award for his reporting. He covers credit card rate issues for LowCards.com.
View all posts by John H. Oldshue
Featured Low Interest Card
Top Features : 1.25X miles on every purchase; no annual fee; bonus of 20,000 miles once $1,000 is spent in first 3 months
Featured No Annual Fee Card
Top Features : Earn cash back twice. 1% when you buy plus 1% as you pay; 0% APR for 18 months on balance transfers
Featured Bad Credit Card
Top Features : No Annual Fee; Cash Back match at the end of your first year; Social Security Alerts
Featured Fair Credit Card
Top Features : No annual fee; access to higher credit line after making first 5 monthly payments on time
Featured Limited/No Credit
Top Features : No annual fee; reports to major credit bureaus; access to higher credit line after making first 5 monthly payments on time
Featured Cash Back Card
Top Features : No Annual Fee, Bonus Offer, Cash Back