Ticketmaster hack “the tip of the iceberg”
The recent Ticketmaster data breach formed part of a “massive digital credit card-skimming campaign” that affected more than 800 other websites, according to a leading cyber-security company.
The breach, announced in late June, involved malicious software on a customer-support product hosted by a third-party supplier, Inbenta Technologies, that ran on Ticketmaster International, Ticketmaster UK, Get Me In! and TicketWeb websites. Those potentially affected are British customers who bought or attempted to buy tickets between February and 23 June 2018, and international customers who used the service between September 2017 and 23 June 2018.
While the hack was initially thought to be an isolated incident, a new report by security firm RiskIQ, Inside and Beyond Ticketmaster: The Many Breaches of Magecart, reveals the compromised Ibenta plug-in also ran on hundreds of other websites, including “many of the most frequented ecommerce sites in the world”.
According to RiskIQ, the attack was undertaken by a hacking group, Magecart, who placed a “digital skimmer” – an internet version of the physical ‘skimmers’ hidden in credit-card readers in shops and cash machines – on the Ticketmaster sites via Ibenta.
In addition to the Ibenta Technologies software, the RiskIQ report continues, Magecart injected its skimmer into another third-party supplier, SociaPlus, which is running on other Ticketmaster websites, including Ticketmaster Germany and Ticketmaster Australia.
Also affected is a third supplier, known as PushAssist, which provides analytics for websites, says RiskIQ.
“The Magecart problem extends to ecommerce sites well beyond Ticketmaster, and we believe it’s cause for far greater concern”
Describing the Ticketmaster incident as “the tip of the iceberg, the report’s authors, Yonathan Klijnsma and Jordan Herman, say: “The Ticketmaster incident received quite a lot of publicity and attention, but the Magecart problem extends to ecommerce sites well beyond Ticketmaster, and we believe it’s cause for far greater concern. We’ve identified over 800 victim websites from Magecart’s main campaigns, making it likely bigger than any other credit card breach to date. In the case of a single, highly targeted campaign we dubbed SERVERSIDE, we identified nearly 100 top-tier victims, mainly online shops of some of the largest brands in the world.
“Currently, the publicly reported breaches are wrongly interpreted and sometimes aren’t breaches at all. They’re all part of the operation of Magecart, a single group that many reports fail to identify, which is spreading faster and wider than ever before.”
RiskIQ first identified the existence of Magecart – which has previously compromised the websites of publisher Faber and Faber and fashion brands Guess and Rebecca Minkoff – in October 2016.