The latest industry news to your inbox.

I'd like to hear about marketing opportunities


I accept IQ Magazine's Terms and Conditions and Privacy Policy


Ticketmaster hack “the tip of the iceberg”

According to cyber-security firm RiskIQ, hackers Magecart have placed a "digital skimmer" on hundreds of other ecommerce sites, including some of the biggest in the world

By IQ on 12 Jul 2018


image © iAmMrRob

The recent Ticketmaster data breach formed part of a “massive digital credit card-skimming campaign” that affected more than 800 other websites, according to a leading cyber-security company.

The breach, announced in late June, involved malicious software on a customer-support product hosted by a third-party supplier, Inbenta Technologies, that ran on Ticketmaster International, Ticketmaster UK, Get Me In! and TicketWeb websites. Those potentially affected are British customers who bought or attempted to buy tickets between February and 23 June 2018, and international customers who used the service between September 2017 and 23 June 2018.

While the hack was initially thought to be an isolated incident, a new report by security firm RiskIQ, Inside and Beyond Ticketmaster: The Many Breaches of Magecart, reveals the compromised Ibenta plug-in also ran on hundreds of other websites, including “many of the most frequented ecommerce sites in the world”.

According to RiskIQ, the attack was undertaken by a hacking group, Magecart, who placed a “digital skimmer” – an internet version of the physical ‘skimmers’ hidden in credit-card readers in shops and cash machines – on the Ticketmaster sites via Ibenta.

In addition to the Ibenta Technologies software, the RiskIQ report continues, Magecart injected its skimmer into another third-party supplier, SociaPlus, which is running on other Ticketmaster websites, including Ticketmaster Germany and Ticketmaster Australia.

Also affected is a third supplier, known as PushAssist, which provides analytics for websites, says RiskIQ.

“The Magecart problem extends to ecommerce sites well beyond Ticketmaster, and we believe it’s cause for far greater concern”

Describing the Ticketmaster incident as “the tip of the iceberg, the report’s authors, Yonathan Klijnsma and Jordan Herman, say: “The Ticketmaster incident received quite a lot of publicity and attention, but the Magecart problem extends to ecommerce sites well beyond Ticketmaster, and we believe it’s cause for far greater concern. We’ve identified over 800 victim websites from Magecart’s main campaigns, making it likely bigger than any other credit card breach to date. In the case of a single, highly targeted campaign we dubbed SERVERSIDE, we identified nearly 100 top-tier victims, mainly online shops of some of the largest brands in the world.

“Even more disturbing, the Ticketmaster breach demonstrates that the Magecart actors are continuing to refine their techniques and get better at target selection. Previously, they compromised individual websites and added new Javascript or links to remote Javascript files, but they seem to have [got] smarter – rather than go after websites, they’ve figured out that it’s easier to compromise third-party suppliers of scripts and add their skimmer. In some cases, compromising one of these suppliers gives them nearly 10,000 victims instantly.

“Currently, the publicly reported breaches are wrongly interpreted and sometimes aren’t breaches at all. They’re all part of the operation of Magecart, a single group that many reports fail to identify, which is spreading faster and wider than ever before.”

RiskIQ first identified the existence of Magecart – which has previously compromised the websites of publisher Faber and Faber and fashion brands Guess and Rebecca Minkoff – in October 2016.


Get more stories like this in your inbox by signing up for IQ Index, IQ’s free email digest of essential live music industry news.