THE TICKETMASTER DATA BREACH was part of a larger credit card-skimming operation that has hit more than 800 e-commerce sites worldwide.
That’s according to security firm RiskIQ, which claims that the Ticketmaster breach wasn’t a one-off incident, but rather part of a much larger campaign from threat group Magecart, which has been in operation since 2015.
Rather than hacking sites directly, Magecart targets companies that have installed a third-party software component, compromising that component to carry out more widespread theft of card data.
“While Ticketmaster received the publicity and attention, the Magecart problem extends well beyond Ticketmaster,” Yonathan Klijnsma, threat researcher at RiskIQ, said. “We’ve identified over 800 victim websites from Magecart’s main campaigns, making it likely bigger than any other credit card breach to date.
“In the case of a single, highly-targeted campaign we dubbed SERVERSIDE, we identified nearly 100 top-tier victims, mainly online shops of some of the largest brands in the world.”
RiskIQ says Magecart has broken into and installed card-skimming malware onto software from other widely used third-party vendors such as PushAssist, CMS Clarity Connect, and Annex Cloud.
RiskIQ’s investigation also shows that the Ticketmaster breach could be worse than first thought. Ticketmaster, which claims to have discovered the breach on 23 June before disclosing it a week later, said it impacted less than five per cent of its global customers and only affected UK customers who had attempted to purchase tickets.
However, RiskIQ says its investigation shows that Magecart has managed to compromise Ticketmaster sites in Ireland, Turkey, New Zealand, and Australia as well, adding that the Command and Control server used in the Ticketmaster attack has been active since December 2016.
Source: Inquirer