Ticketmaster UK JavaScript Breach

Ticketmaster UK Breach Via JavaScript Chat App

By Jeff Pelliccio

Whether you are purchasing tickets online for a high-profile event or using a familiar mobile application from your favorite food vendor, cyberbreaches are hitting closer to home and are becoming a commonplace occurrence.

Businesses, especially those that interface with consumers and other third parties, should be keeping a watchful eye on these global security breach headlines so as to better understand and remediate their vulnerabilities. Today, the threats are real and they are mounting.

If you’re looking for an endorsement for GDPR, perhaps the latest cyberbreach at Ticketmaster UK will prove to be an interesting test case. On Wednesday June 28th 2018, a breach at Ticketmaster compromised personally identifiable information (PII) of approximately 40,000 users. Ticketmaster claimed the breach occurred due to a customized piece of JavaScript code present in Ticketmaster’s payment site chat application, created by Inbenta, which was then modified and used by the attackers to gain customers’ payment information.

The incident was said to have been discovered by Ticketmaster on June 23rd, but a pattern of fraudulent paycard activity was noticed as early as April 6th by UK digital bank Monzo. On April 12th, Monzo notified Ticketmaster that the cyberbreach originated from their website.

After some further investigation, a spokesperson for Inbenta claims the script was never intended to run in concert with anything containing sensitive information. Despite this, Ticketmaster continued using the code without consideration of its initial intent, and decided to ignore evidence of the breach. Thankfully, the issues have been fixed and the site has returned to normal operation.

GDPR (General Data Protection Regulation) is a great start at establishing standards for how businesses react to and report malicious activities, but we cannot become complacent. Remediation and reporting are not enough to stop these threat actors. While no amount of awareness, preparedness, and vigilance will keep your data absolutely secure, they are the keys to mitigating damages. Staying current with government policy changes, trending cyber breach news, technology advancements, and training is how you do right by your data and your clients.