Skip to main content

Ticketmaster breach was only part of major campaign

(Image credit: Image source: Shutterstock/Ai825)

The Ticketmaster data breach from a few weeks ago was only part of a much larger security threat campaign, researchers have found. 

Experts from RiskIQ have claimed the attack wasn’t an isolated event, but rather piece of a much larger campaign from threat group Magecart that covered 800 other e-commerce incidents that happened around the world.

They’re saying Magecart no longer hacks sites directly, but instead targets widely used third-party components, which allows them access to more than 10,000 victims at a time. Inbenta and SociaPlus, third-party suppliers integrated with Ticketmaster websites, are also most likely hacked.

Magecart is a group that skims credit cards, digitally. They do it by injecting scripts into e-commerce websites, to record credit card data they receive when something is paid for.

Other suppliers, including PushAssist, CMS Clarity Connect, Annex Cloud, and “likely many others”, were also compromised by the Magecart actor.

"While Ticketmaster received the publicity and attention, the Magecart problem extends well beyond Ticketmaster," said Yonathan Klijnsma, Threat Researcher at RiskIQ. "We believe it's cause for far greater concern—Magecart is bigger than any other credit card breach to date and isn’t stopping any day soon.”

RiskIQ researchers found evidence the skimmer was active on Ticketmaster websites in Ireland, Turkey, and New Zealand since as early as December 2017. The Command and Control server used in the Ticketmaster attack has been active since December 2016. The full report can be found on this link.

Image source: Shutterstock/Ai825