Ticketmaster UK Breached Via Supplier

Tens of thousands of Ticketmaster UK customers are thought to have been directly affected by a data breach at a third-party platform provider of the online ticketing giant.

The firm claimed in a notice explaining the incident that it found malicious software on a customer support product hosted by supplier Inbenta Technologies last weekend.

The malware, which was immediately disabled on discovery, had been exfiltrating data and sending it to an unknown third-party, Ticketmaster added.

Compromised data incudes names, addresses, emails, telephone numbers, payment details and Ticketmaster login details. There’s no information on whether some or all of this data was encrypted.

“UK customers who purchased, or attempted to purchase, tickets between February and June 23, 2018 may be affected. As a precautionary measure we have also notified international customers who purchased in this period,” the firm noted.

“If you have not received an email, we do not believe you have been affected by this security incident based on our investigations.”

Ticketmaster stated that “less than 5% of our global customer base has been affected by this incident” – but this could still run into the millions given some reports which claim the firm serves over 230 million customers.

It is believed that as many as 40,000 UK customers’ details have been compromised, although no one in North America has been affected.

As a precaution, Ticketmaster is recommending customers monitor their accounts for evidence of fraud/identity theft.

Brooks Wallace, head of EMEA for Trusted Knight, warned customers to also be on the lookout for phishing emails using the stolen data, or capitalizing on interest in the incident.

“After an incident like this, criminals from around the world will jump at the chance to try and catch a few unsuspecting people out,” he added. “If you receive any emails purporting to be from Ticketmaster asking for any personal information, discard them. If you need to contact Ticketmaster, type the website address into your browser and log-in that way. It’s better to be safe than sorry.”

Javvad Malik, security advocate at AlienVault, added that the case highlights the issue of supplier risk.

"It appears as if the attacker was able to break in via a third party, reinforcing the importance of vetting all third parties for the access they require, and to have in place ongoing monitoring and threat detection controls that can raise alerts when a third party is accessing corporate systems,” he argued.

Ticketmaster is also working with the ICO and this case could well be a first major test of the GDPR, depending on when the incident actually occurred.

What’s Hot on Infosecurity Magazine?