Ticketmaster breach: The dangers of weak third-parties

Ticketmaster is still suffering the ill effects of a data breach they announced at the end of June 2018. When the news broke, it was first reported that millions of Ticketmaster customers’ payment details had been accessed by a bad actor. Sadly, the number of customers affected is expected to be greater than the initial estimate. On July 10, 2018 it was reported that this breach stemmed from an unregulated third-party software vendor that Ticketmaster used on their website. Let’s break down what happened and how this could have been prevented.

Ticketmaster and Magecart

Ticketmaster is a well-known online platform that sells tickets to live events. Since Ticketmaster is primarily online platform, they enlist the help of numerous third parties to keep their website up-and-running. Though these third-party vendors are necessary, they are always a risk when they aren’t properly regulated. For Ticketmaster, a hacking group known as Magecart placed a skimmer code on a third-party’s software that allowed the group to access payment card information. Specifically, the hackers targetted InBenta, a third-party that Ticketmaster uses for the chat function on their website, and used the third-party’s access as an entry point onto the Ticketmaster network. For millions of consumers that used Ticketmaster’s website to purchase tickets, they had their payment card information stolen because Ticketmaster failed to regulate their third-party access onto their network. Magecart was easily able to place malicious code to skim payment card numbers.

What’s worse is that Ticketmaster is supposedly not the only victim of this particular Magecart attack. The cybersecurity analyst group, RiskIQ, found that over 800 e-commerce websites have been affected through Magecart’s credit card skimming. If this is true, it would make it the largest theft of payment card details to date.

How Magecart works

This is not the first time the name Magecart has made news for a cyberattack. Since their first attack in 2016, researchers were able to recognize their unique style, which consists of targeting and attacking weak third-party vendors that organizations use. Once Magecart has found their victim, they either add to, or completely replace, a JavaScript module with malicious code that allows them to skim the credit card numbers that people enter into a websites payment portal.

It has been said that this Magecart attack is a threat on the same, or even greater, scale as the Target breach because this group of hackers has access to so many different third-party vendors’ systems. An access that is so extensive that they were able to send messages and threats to administrators who tried to remove the code.

A learning moment

Weak third-parties just aren’t cutting it in terms of cybersecurity, and the Ticketmaster breach highlights just that. From this breach, there can be good to come out of it. In its report, RiskIQ points out that hackers have gotten smarter because, “rather than go after websites, they’ve figured out that it’s easier to compromise third-party suppliers of scripts and add their skimmer. In some cases, compromising one of these suppliers gives them nearly 10,000 victims instantly.” So, what can we learn from this huge cyberattack?

• Third-party breaches are here to stay: Since hackers are aware that the easiest route onto a larger network is to target a weak or unregulated third-party, they will continue to take this avenue. Implement third-party remote access that will allow you to be both compliant and safeguard your network against third-party breaches.
• Compliance issues: A cyberattack sheds light on a lot of different issues, including compliance. Specifically for all payment card transactions, enterprises must adhere to PCI DSS guidelines. In other words, Ticketmaster is dealing with the repercussions of this data breach because they were likely not being compliant. 
• Reputation and mistrust: Often the focus on a data breach is limited to the organization affected, let’s not forget about the consumers whose payment cards are now compromised as a result. This can lead to reputational issues for the brand. Consumers may have a hard time entrusting their data to a company that has already been breached.

Network protection is just as important internally as it is externally. Protect yourself, your clients, and your network by implementing the best secure remote access platform.

About SecureLink
Our sole focus is secure third-party remote access. For highly regulated enterprise organizations, SecureLink Enterprise has pioneered a secure remote access platform. SecureLink for enterprise allows an organization to identify, control, and audit third-party vendors. For vendors, SecureLink is the gold standard remote access support platform because it is easy, efficient, and ensures compliance and reduces liability when supporting customers.