The Ticketmaster attack was apparently only the ‘tip’ of the iceberg, according to cyber-security firm RiskIQ.
Several weeks ago, Ticketmaster UK revealed that malicious code in software provided by Inbenta – a third-party supplier – led to a data breach. According to the ticketing giant, less than 5% of its global customer base was affected.
That may be a vast understatement.
Magecart, a sophisticated hacking collective, was behind the attack. The group, previously known for hacking websites directly, has now shifted to attacking third-party software components.
Yonathan Klijnsma and Jordan Herman, researchers at RiskIQ, published their assessment on Magecart’s attacks. They found the group hadn’t only targeted Ticketmaster.
RiskIQ has tracked Magecart’s activities since 2015. The group’s credit card hacks have only increased in sophistication, frequency, and impact.
Affected suppliers in Magecart’s recent campaign – dubbed Serverside – include PushAssist, CMS Clarity Connect, and Annex Cloud, among many others.
The ticketing giant has now confirmed the data breach affected Ticketmaster International, Ticketmaster UK, GETMEIN! and TicketWeb from February 2018 through June 23rd, 2018. According to RiskIQ, however, attacks on the ticketing giant’s additional websites – Ireland, Turkey, and New Zealand, for example – started as early as December 2017.
Researchers also found a ‘Command and Control’ server used in the Ticketmaster attack has remained active since December 2016.