Ticketmaster breach was part of larger credit card skimming campaign, cyber firm says

Ticketmaster breach was part of larger credit card skimming campaign, cyber firm says
© Getty

A cybersecurity firm says the hacking group that stole some Ticketmaster customers' credit card information this year actually carried out a far more extensive digital credit card skimming campaign than initially reported.

The threat group known as Magecart targeted more than 800 e-commerce sites around the world between February 2017 and June 2018, RiskIQ reported Tuesday in a blog post.

ADVERTISEMENT

"According to Ticketmaster’s official statement, the breach impacted the following websites: Ticketmaster International, Ticketmaster UK, GETMEIN! and TicketWeb," the firm writes.

"However, we found evidence the skimmer was active on a broader range of Ticketmaster websites including Ireland, Turkey, and New Zealand among others."

RiskIQ says Magecart targeted the payment information entered into forms on Ticketmaster’s various websites. They obtained the information by hacking the third-party supplier working with the ticket sales company, Inbenta.

RiskIQ, which has been tracking Magecart since 2015, said the cyber hackers placed digital skimmers — devices that steal credit card data — on Ticketmaster websites after compromising Inbenta.

"Although Inbenta has avoided stating this directly, they were compromised," RiskIQ writes in their new report.

"Magecart actors breached their systems and, in separate instances, either added to or completely replaced a custom JavaScript module Inbenta made for Ticketmaster with their digital skimmer code."

RiskIQ also notes that Inbenta was not the only third-party provider affected.

"Inbenta wasn’t the only third-party provider Ticketmaster uses that was compromised by the Magecart actors. Many other merchants and providers aside from Ticketmaster and Inbenta have been affected by this actor," the blog post says. 

Ticketmaster said in June that only about 5 percent of their global customer base was affected by this cyber incident.

The breach, the company said, largely compromised the data of some of their U.K.-based customers — but not any customers in North America.