Ticketmaster notified customers yesterday that malware had infected a third-party support system and up to 5 percent of their customers may have had their data compromised. Users of Ticketmaster UK, Getmein, and TicketWeb who purchased tickets between February and June 23rd of this year are at risk. The compromised data included names, phone numbers, addresses, email addresses, payment details, and login details. Ticketmaster sold 500 million tickets to over 86 million fans last year. No customers from North America were affected, which is a little good news. The malware was found on a “customer support product” hosted by Inbenta Technologies. “As a result of Inbenta’s product running on Ticketmaster International websites, some of our customers’ personal or payment information may have been accessed by an unknown third-party,” Ticketmaster said. Interestingly, the CEO of Inbenta quickly fired back at Ticketmaster, saying that the issue was “fully resolved” and was the result of a “single piece of JavaScript code” which had been customized to meet Ticketmaster’s specific requirements. “Ticketmaster directly applied the script to its payments page, without notifying our team. Had we known that the customized script was being used this way, we would have advised against it, as it incurs greater risk for vulnerability. The attacker(s) located, modified, and used this script to extract the payment information of Ticketmaster customers processed between February and June 2018,” he said. It would appear that the EU’s new GDPR is making companies just a little testy.
