Ticketmaster was aware of the breach months ago before taking action

More than 40k Ticketmaster's customers are at risk due to the data breach

A malicious JavaScript code was discovered running Ticketmaster's website which resulted in the data breach.

On June 23, IT experts at Ticketmaster have reported about a website hack. As a result, UK-based customers who tried to purchase or have bought the tickets from this sales distribution company between February and June 2018 might be at risk. Additionally, international customers who have used company's services between September 2017 and June 2018 may also be affected.

According to the experts, the stolen data contain numerous sensitive information, including details which might personally identify its customers. One of the details are the following^[1]:

• Names;
• Billing addresses;
• Credit card details;
• Email addresses;
• Telephone numbers;
• Login information.

Ticketmaster reported that Forensic team is investigating the issue and trying to discover how the website was compromised. Additionally, they are encouraging their customers to monitor their bank account activity and notify relevant authorities about any suspicious activity^[2]:

We recommend that you monitor your account statements for evidence of fraud or identity theft. If you are concerned or notice any suspicious activity on your account, you should contact your bank(s) and any credit card companies.

The malicious code was discovered running on the company's website

Ticketmaster was using the services of Inbenta which provides chatbot and support ticketing services for various sales companies. Experts identified that the site was breached through the JavaScript code that was embedded directly to the payment page^[3].

The code was customized for Ticketmaster's company individually. Likewise, Inbenta has confirmed that none of their other customers and websites have been affected. Although, they pointed out that using a third-party code directly in the online payment platform was a huge risk and they would have never agreed to such actions if notified^[4].

Ticketmaster directly applied the script to its payments page, without notifying our team. Had we known that the customized script was being used this way, we would have advised against it, as it incurs greater risk for vulnerability.

Digital bank claims to have warned Ticketmaster about the breach months ago

Interestingly, digital bank Monzo claims that they have informed Ticketmaster about the potential risk of data leak months before the official statement^[5]. The representatives say that they have replaced 6 thousand Monzo cards which were used to purchase tickets since customers reported about unauthorized transactions:

Over the course of Thursday 19th April and Friday 20th April, we sent out six thousand replacement cards to customers who had used their Monzo cards at Ticketmaster. We let them know that we were replacing their cards through their Monzo app, but didn’t name Ticketmaster as the reason at the time.

The firm confirms that they have arranged a meeting with Ticketmaster's cybersecurity team and were told that the issue would be investigated internally.