Ticketmaster data theft, part of something bigger


Data breach was not an isolated event, but part of a massive credit card theft operation

Secure data destruction specialists claim that the recent data breach at Ticketmaster was just the tip of the iceberg of a broader and more ambitious credit card theft operation.

It is believed that at least 800 e-commerce sites have been affected after including code that was developed by third parties and later modified by hackers, according to these experts in secure data destruction.

This massive credit card theft campaign, perpetrated by a group called Magecart (active since at least 2015), targets software companies that create and provide code that developers include on their websites to improve the site experience for the client. After hackers break in and modify the code, the change affects all the websites the code runs on, which can affect millions of users a day.

Threat and secure data destruction investigators say that the Magecart campaign has a greater scope than any other credit card data breach to date, and they do not expect it to stop in the near future. By attacking code providers, hackers can get almost 10K victims instantly.

In the case of Ticketmaster, the company admitted that some customer payment data was compromised because its website was executing code from Inbenta, a customer service software company that hackers had attacked. It is not uncommon for websites to rely on third-party code, hosted on other sites, to support their own. But this reliance creates a weak point that, if breached, can affect all the sites where the code is loaded. Inbenta said only Ticketmaster was affected, while Ticketmaster says it does not use that same code on all its pages.
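As an added example (not from the original article or from any company named in it), the Node.js sketch below shows one defense against the third-party script tampering described above: pinning scripts with Subresource Integrity (SRI) and auditing a page for tags that are unpinned or whose served content no longer matches the pin. The hostnames, script bodies and the `fetchBody` callback are constructed for illustration.

```javascript
// Added example: audit external <script> tags against pinned SRI hashes.
const { createHash } = require('node:crypto');

// Compute a Subresource Integrity value (sha384, base64) for a script body.
function sriHash(body) {
  return 'sha384-' + createHash('sha384').update(body, 'utf8').digest('base64');
}

// Extract external script tags and their integrity attribute, if any.
// A regex is enough for this constructed sample; use a real HTML parser on live pages.
function externalScripts(html) {
  const tags = html.match(/<script\b[^>]*\bsrc=[^>]*>/gi) || [];
  return tags.map((tag) => ({
    src: (tag.match(/\bsrc="([^"]+)"/i) || [])[1],
    integrity: (tag.match(/\bintegrity="([^"]+)"/i) || [])[1] || null,
  }));
}

// Classify each script: 'unpinned' (no integrity attribute), 'modified'
// (served body no longer matches the pin) or 'ok'.
// fetchBody is a hypothetical callback returning the body currently served for a URL.
function auditScripts(html, fetchBody) {
  return externalScripts(html).map(({ src, integrity }) => {
    if (!integrity) return { src, status: 'unpinned' };
    const status = sriHash(fetchBody(src)) === integrity ? 'ok' : 'modified';
    return { src, status };
  });
}

// Constructed sample: the widget was reviewed and pinned, then changed upstream.
const reviewed = 'function openChat(){ /* widget code */ }';
const served = {
  'https://widget.example/chat.js': reviewed + '\n/* appended after review */',
  'https://stats.example/a.js': 'track();',
  'https://cdn.example/ui.js': 'render();',
};
const page = `
<script src="https://widget.example/chat.js" integrity="${sriHash(reviewed)}" crossorigin="anonymous"></script>
<script src="https://stats.example/a.js"></script>
<script src="https://cdn.example/ui.js" integrity="${sriHash('render();')}" crossorigin="anonymous"></script>`;

const report = auditScripts(page, (src) => served[src]);
console.log(report);
```

A browser that supports SRI refuses to run a pinned script whose hash does not match, so the tags reported as `unpinned` are the ones a provider-side modification would reach unnoticed.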

But secure data destruction specialists argue that the security breach of Ticketmaster was much larger than was thought, after several of its global sites ran code from a third party that had also been compromised by the group of hackers.

According to new reports, code hosted by the social analysis company SociaPlus had also been compromised. Hackers reportedly changed the code to steal credit card details entered at checkout on any site where the code was included.

According to these reports, any button or form on any page is compromised, so when a user clicks a button or submits a form, the names and values of the fields on the page are extracted, combined and sent to a server owned by Magecart.

A Ticketmaster spokesperson had already mentioned that it was difficult to comment without seeing the reports of the attack, and reiterated previous comments, denying the claims of the new reports.

Magecart also focused on other third-party code companies that e-commerce sites rely on for analysis, website support, and content delivery.

Using the company’s patented threat research platform, it was discovered that four external code providers had been hacked by Magecart, resulting in compromised JavaScript stealing personal information from any user on all sites containing and loading the code.

Information security specialists from the International Institute of Cyber Security recommend not relying too much on any web platform that requires payment or credit card information, at least until the information leak stops.