Industry News

Ticketmaster hack part of larger scheme

Ticketmaster’s data breach that affected thousands of customers last month was reportedly part of a larger credit card skimming scheme.

Cybersecurity firm RiskIQ said in a report that it did not appear to be an isolated incident with the ticketing giant. Rather, a hacking group called Magecart had targeted around 800 e-commerce sites.

Following the breach, Ticketmaster admitted it had been hacked by “malicious software” on third-party customer support product Inbenta Technologies, which works with the ticketing giant.

The skimming system takes the data from people when they enter credit card information onto a website.

“Since 2016, RiskIQ has reported on the rise of card skimmers of the digital variety operated by the threat group Magecart that use scripts injected into websites to steal data that’s entered into online payment forms on e-commerce sites,” RiskIQ wrote in the report. “Hackers placed one of these digital skimmers on Ticketmaster websites through the compromise of a third-party functionality supplier known as Inbenta.”

RiskIQ said it identified some 100 well-known brands as other victims of Magecart’s scheme, but did not reveal their identities.

The researchers said it appeared that Magecart was becoming more sophisticated in its techniques.

“Even more disturbing, the Ticketmaster breach demonstrates that the Magecart actors are continuing to refine their techniques and get better at target selection,” the researchers said, according to Anadolu Agency.

“Previously, they compromised individual websites and added new Javascript or links to remote Javascript files, but they seem to have gotten smarter—rather than go after websites, they’ve figured out that it’s easier to compromise third-party suppliers of scripts and add their skimmer.”

In some cases, adding the credit card skimmer system gave the group access to some 10,000 credit card numbers almost immediately.