Ticketmaster breach was part of major card-skimming op, claims RiskIQ

THE TICKETMASTER DATA BREACH was part of a larger credit card-skimming operation that has hit more than 800 e-commerce sites worldwide.

That’s according to security firm RiskIQ, which claims that the Ticketmaster breach wasn’t a one-off incident, but rather part of a much larger campaign from threat group Magecart, which has been in operation since 2015.

Rather than hacking sites directly, Magecart targets companies that have installed a third-party software component, which lets it perform more widespread compromises of card data.

RiskIQ claims that the group likely breached the systems of Inbenta and SociaPlus, both third-party suppliers integrated into Ticketmaster websites, and added to or replaced custom JavaScript modules with its digital credit card skimmer code.

“While Ticketmaster received the publicity and attention, the Magecart problem extends well beyond Ticketmaster,” Yonathan Klijnsma, threat researcher at RiskIQ, said. “We’ve identified over 800 victim websites from Magecart’s main campaigns, making it likely bigger than any other credit card breach to date.

“In the case of a single, highly-targeted campaign we dubbed SERVERSIDE, we identified nearly 100 top-tier victims, mainly online shops of some of the largest brands in the world.”

RiskIQ says Magecart has broken into and installed card-skimming malware onto software from other widely used third-party vendors such as PushAssist, CMS Clarity Connect, and Annex Cloud.

RiskIQ’s investigation also shows that the Ticketmaster breach could be worse than first thought. Ticketmaster, which claims to have discovered the breach on 23 June before disclosing it a week later, said it impacted less than five per cent of its global customers and only affected UK customers who had attempted to purchase tickets.

However, RiskIQ says its investigation shows that Magecart has managed to compromise Ticketmaster sites in Ireland, Turkey, New Zealand, and Australia as well, adding that the Command and Control server used in the Ticketmaster attack has been active since December 2016.

Source: Inquirer
