July 11, 2018//Ellen Neveux
Ticketmaster is still suffering the ill effects of a data breach they announced at the end of June 2018. When the news broke, it was first reported that millions of Ticketmaster customers’ payment details had been accessed by a bad actor. Sadly, the number of customers affected is expected to be greater than the initial estimate. On July 10, 2018 it was reported that this breach stemmed from an unregulated third-party software vendor that Ticketmaster used on their website. Let’s break down what happened and how this could have been prevented.
Ticketmaster and Magecart
Ticketmaster is a well-known online platform that sells tickets to live events. Since Ticketmaster is primarily online platform, they enlist the help of numerous third parties to keep their website up-and-running. Though these third-party vendors are necessary, they are always a risk when they aren’t properly regulated. For Ticketmaster, a hacking group known as Magecart placed a skimmer code on a third-party’s software that allowed the group to access payment card information. Specifically, the hackers targetted InBenta, a third-party that Ticketmaster uses for the chat function on their website, and used the third-party’s access as an entry point onto the Ticketmaster network. For millions of consumers that used Ticketmaster’s website to purchase tickets, they had their payment card information stolen because Ticketmaster failed to regulate their third-party access onto their network. Magecart was easily able to place malicious code to skim payment card numbers.
What’s worse is that Ticketmaster is supposedly not the only victim of this particular Magecart attack. The cybersecurity analyst group, RiskIQ, found that over 800 e-commerce websites have been affected through Magecart’s credit card skimming. If this is true, it would make it the largest theft of payment card details to date.
How Magecart works
It has been said that this Magecart attack is a threat on the same, or even greater, scale as the Target breach because this group of hackers has access to so many different third-party vendors’ systems. An access that is so extensive that they were able to send messages and threats to administrators who tried to remove the code.
A learning moment
Weak third-parties just aren’t cutting it in terms of cybersecurity, and the Ticketmaster breach highlights just that. From this breach, there can be good to come out of it. In its report, RiskIQ points out that hackers have gotten smarter because, “rather than go after websites, they’ve figured out that it’s easier to compromise third-party suppliers of scripts and add their skimmer. In some cases, compromising one of these suppliers gives them nearly 10,000 victims instantly.” So, what can we learn from this huge cyberattack?
Network protection is just as important internally as it is externally. Protect yourself, your clients, and your network by implementing the best secure remote access platform.
Our sole focus is secure third-party remote access. For highly regulated enterprise organizations, SecureLink Enterprise has pioneered a secure remote access platform. SecureLink for enterprise allows an organization to identify, control, and audit third-party vendors. For vendors, SecureLink is the gold standard remote access support platform because it is easy, efficient, and ensures compliance and reduces liability when supporting customers.