Ticketmaster
Exploit: JavaScript chatbot with data scraper injected in to supply chain systems.
Risk to Small Business: High: Highlights how supply chain vulnerabilities can lead to massive data loss and exposure. Companies dealing with customer data / PII should have elevated security controls in place to prevent supply chain vulnerabilities.
Risk to Exploited Individuals: High: This breach leaves Ticketmaster customers vulnerable to identity theft.
Ticketmaster: A ticket purchasing website that is used globally for many types entertainment.
Date Occurred/Discovered: Discovered on June 23, 2018. Could have occurred as early as September 2017.
Date Disclosed: June 27, 2018
Data Compromised:
- Names
- Address
- Email address
- Telephone number
- Payment details
- Ticketmaster login details
How it was compromised: Malware hosted on a customer support product hosted by a third-party supplier which sent data to a remote location.
Customers Impacted: Ticketmaster has been telling the media that about 400,000 customers have been affected, but in their alert to customers they claim that ‘less than 5% of their customer base have been affected. 5 percent of their customer base comes out to 11.5 million, so we will have to see if their investigation into the breach will reveal more affected customers.
https://www.govinfosecurity.
https://security.ticketmaster.
