Ticketmaster gatecrash: Gig revelers' personal, payment info glimpsed by support site malware

What a party pooper


Updated: Ticketmaster UK has warned punters that malware infected one of its customer support systems – and may have siphoned off their personal information and payment details.

Anyone in Britain who bought, or tried to buy, a ticket from the biz between February and June 23 this year, and international customers who purchased, or attempted to purchase, tickets from September 2017 to this month, are at risk.

If you used Ticketmaster International, Ticketmaster UK, GETMEIN!, and TicketWeb websites to go to concerts and other gigs, that potentially means you. Folks in North America are unaffected, we're told.

The malware is understood to have had access to people's names, addresses, email addresses, telephone numbers, payment details, and Ticketmaster login details. Affected users should change their passwords.

In a notice issued today, and sent to Reg readers who forwarded it on to us, the ticket seller said a software nasty got "on a customer support product hosted by Inbenta Technologies, an external third-party supplier to Ticketmaster."

Inbenta, based in California, USA, is a maker of AI-based chat bots and search engines that offer customer support information and help. A spokesperson for Inbenta was not available for immediate comment. Inbenta's website at one point listed Ticketmaster as a case study – explaining it provided a dynamic FAQ and searchable knowledge base for the ticket slingers – but that page has been taken down, and Ticketmaster has cut Inbenta's tech from its services.

'Malicious software'

"On Saturday, June 23, 2018, Ticketmaster UK identified malicious software on a customer support product hosted by Inbenta Technologies, an external third-party supplier to Ticketmaster," the ticket biz said in a statement.

"As soon as we discovered the malicious software, we disabled the Inbenta product across all Ticketmaster websites. Less than five percent of our global customer base has been affected by this incident. Customers in North America have not been affected.

"As a result of Inbenta's product running on Ticketmaster International websites, some of our customers' personal or payment information may have been accessed by an unknown third-party.

"We have contacted customers who may have been affected by the security incident. UK customers who purchased, or attempted to purchase, tickets between February and June 23, 2018 may be affected as well as international customers who purchased, or attempted to purchase, tickets between September 2017 and June 23, 2018."

[Image: a copy of the notice sent today by Ticketmaster to gig-goers affected by the malware infection]

Punters are being offered 12 months of identity-theft monitoring by Ticketmaster. If you have not received a message from Ticketmaster about the security cockup, your details are probably safe from the malware.

It’s unclear exactly how many customer records are affected: we have asked for more details. It is estimated up to 45,000 people in the UK have been hit by the cyber-intrusion. A staffer at UK data privacy watchdog, the ICO, confirmed it was aware of the network infiltration, and is investigating.

The spokesperson said: “Organisations have a legal duty to ensure that people’s personal information is held securely. We have been made aware of an issue concerning Ticketmaster and will be making enquiries.” ®

Updated to add

Inbenta has provided more details on the hack, claiming custom JavaScript code it wrote for Ticketmaster was placed on payment pages without its knowledge. This script was then modified by miscreants to siphon off people's personal and banking details.

"This code is not part of any of Inbenta’s products or present in any of our other implementations," the upstart said.

Jordi Torras, CEO of Inbenta, also told us in a statement:

We can confirm with 100 percent certainty that no data was taken from our servers and no other customers other than Ticketmaster were affected. The JavaScript we created specifically for Ticketmaster was used on a payments page, which is not what we built it for. Had we known that script would have been used in that way, we would have advised against it, as it poses a security threat.

We are deeply sorry for anyone affected by the breach, and we are absolutely certain that no other customers of Inbenta have been hacked.
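
The exposure described in the update above, a supplier-hosted script running on a payment page, can be checked for mechanically. The following is an added example, not code from Ticketmaster, Inbenta or The Register: it lists the scripts a page loads from other origins and flags those without a Subresource Integrity pin. All hostnames and markup are constructed.

```javascript
// Added example: audit a page's HTML for script tags served from another
// origin, and flag those without a Subresource Integrity (SRI) pin.
// All hostnames and markup below are constructed for illustration.

function attr(tag, name) {
  // Read a quoted attribute value from a single opening tag.
  const m = new RegExp(`\\s${name}\\s*=\\s*["']([^"']*)["']`, 'i').exec(tag);
  return m ? m[1] : null;
}

function auditScripts(html, pageUrl) {
  const page = new URL(pageUrl);
  const findings = [];
  for (const [tag] of html.matchAll(/<script\b[^>]*>/gi)) {
    const src = attr(tag, 'src');
    if (!src) continue;                       // inline script: out of scope here
    const url = new URL(src, page);           // resolves relative and // URLs
    if (url.origin === page.origin) continue; // first-party: same origin as the page
    const integrity = attr(tag, 'integrity');
    const pinned = integrity !== null &&
      /^sha(256|384|512)-[A-Za-z0-9+/=]+/.test(integrity);
    findings.push({ host: url.host, src: url.href, pinned });
  }
  return findings;
}

// Payment pages get the strictest rule: every third-party script must be pinned.
function unpinnedThirdParty(html, pageUrl) {
  return auditScripts(html, pageUrl).filter(f => !f.pinned).map(f => f.src);
}

// Constructed sample checkout page (the integrity value is a dummy).
const SAMPLE_CHECKOUT = `
<html><head>
<script src="/static/checkout.js"></script>
<script src="https://support-widget.example/custom/site.js"></script>
<script src="https://cdn.example/lib.min.js"
        integrity="sha384-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
        crossorigin="anonymous"></script>
<script>var inline = 1;</script>
</head><body>...</body></html>`;

console.log(unpinnedThirdParty(SAMPLE_CHECKOUT, 'https://tickets.example/checkout'));
```

An SRI pin only holds for scripts whose content is fixed per release; a supplier-hosted script that is changed in place has to be re-pinned on every update or served from the site's own origin.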



