Behind The Scenes Of Ticketmaster Breach Incident

A couple of days ago, we came to know about a massive Ticketmaster data breach incident that exposed users’ financial details. Though Ticketmaster said it noticed the breach on June 23, 2018, recent reports point out a few anomalies. Recently, Inbenta, identified the source of the breach being down to Ticketmaster UK running customized vulnerable code. Monzo (a banking institution) explains that they had already warned Ticketmaster of the breach two months ago!.

Inbenta Explains About Ticketmaster Data Breach Incident

After the breach, Ticketmaster indirectly blamed its chat widget powered by Inbenta to be the source of the vulnerability. After it was highlighted it raised a question mark on Inbenta products. Inbenta’s CEO, Jordi Torras, released an official clarification statement about the matter.

“As the CEO of Inbenta, I’m writing you to convey (1) the full scope of the breach, and (2) how we have worked to ensure the issue is resolved.”

Explaining the root cause, CEO explained that the breach occurred through a single JS code customized for Ticketmaster. He says that Ticketmaster did not inform them about the use of that code.

“Ticketmaster directly applied the script to its payments page, without notifying our team. Had we known that the customized script was being used this way, we would have advised against it, as it incurs greater risk for vulnerability. The attacker(s) located, modified, and used this script to extract the payment information of Ticketmaster customers processed between February and June 2018.”

Inbenta has also created a separate FAQ page where it answered various concerns regarding the incident.

Monzo Warned Ticketmaster About The Breach Two Months Ago

Another striking observation about the Ticketmaster data breach incident comes from Monzo. In a blog post published on Thursday, Monzo explained that they already informed Ticketmaster about a possible breach back in April. They deemed it necessary to inform their customers about the matter.

“In the spirit of transparency, we want to share what happened, and what we did to protect our customers behind the scenes,”

says Natasha Vernier, Head of Financial Crime at Monzo.

Some of the Monzo customers reported fraudulent transactions on their Monzo cards. Monzo began investigating the matter and found that the affected customers last used their cards on Ticketmaster. Meanwhile, they also notified Ticketmaster regarding the matter.

“Given the pattern that was emerging, we decided to reach out to Ticketmaster directly. On Thursday 12th April, members of the Ticketmaster security team visited the Monzo office so we could share the information we’d gathered. They told us they’d investigate internally.”

Since Monzo noticed repeated incidents of such fraudulent transactions, they began replacing the cards of their affected customers.

“At this point, we were confident that there’d been a breach, so we told Mastercard directly and decided to proactively replace every Monzo card that had been used at Ticketmaster.”

However, at that time, Ticketmaster denied any vulnerability in their system.

“Throughout this period we were in direct contact with Ticketmaster. On Thursday 19th April, they told us an internal investigation had found no evidence of a breach and that no other banks were reporting similar patterns.”

After the news about the Ticketmaster data breach surfaced online, Monzo, once again, replaced all potentially affected cards.

Was It Intentional?

In their press release, Ticketmaster said that they noticed the breach on June 23, 2018. However, taking into account the above two sources, Ticketmaster’s unawareness about the matter seems dubious.

Anyhow, the investigations are underway. Maybe some more interesting will come up in the coming days. If Ticketmaster proves to be at fault, it may have to pay a hefty fine according according to the new EU GDPR laws.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients