Ticketmaster falls victim to worldwide digital card skimming attack

At the end of June, online ticket company Ticketmaster confirmed that Inbenta, a third-party website supplier, had suffered a security incident. However, according to RiskIQ, researchers have now found that the incident was more complicated than it appeared, and definitely not a one-time attack.

Investigations show it was part of a highly sophisticated scam that targeted 800 e-commerce sites worldwide. The hackers responsible go by the name Magecart, a group of digital card skimmers with an elaborate technique: attacking companies that integrate their software with Ticketmaster and replacing their JavaScript modules with malicious code designed to steal payment information. For example, Inbenta’s JavaScript module was compromised in this scam campaign. Besides its UK site, a number of Ticketmaster websites were affected, including the sites for Ireland, Turkey and New Zealand.

“Ticketmaster Germany, Ticketmaster Australia and Ticketmaster International (previously mentioned in the Inbenta breach) were also compromised via another completely different third-party supplier of functionality,” the firm said.

It seems website hacking has lost its glory. Magecart is a group that researchers are familiar with and have expressed concern about in the past. The breach affected other providers, including a social media integration company, a web analytics company and a CMS platform. According to the research, the hackers have been sending the skimmed payment details to a server since as early as December 2016.

“Our investigation following the Inbenta breach uncovered evidence that the Inbenta attack was not a one-off, but instead indicative of a change in strategy by Magecart from focusing on piecemeal compromises to targeting third-party providers like Inbenta to perform more widespread compromises of card data,” analysts wrote.
