A recent data breach of ticketing service Ticketmaster was part of a larger credit card skimming operation, a cybersecurity firm reported Tuesday.
On June 27, Ticketmaster announced that the credit card information of some of its customers had been hacked. RiskIQ said in a new report that the breach did not appear to be an isolated incident; instead, some 800 e-commerce websites from across the globe were targeted by a hacking group called Magecart.
Magecart apparently infiltrated the database of a company called Inbenta Technologies that works with Ticketmaster, not Ticketmaster itself.
Magecart has been able to set up a system that skims data from people when they enter credit card information onto a website.
“Since 2016, RiskIQ has reported on the rise of card skimmers of the digital variety operated by the threat group Magecart that use scripts injected into websites to steal data that’s entered into online payment forms on e-commerce sites,” RiskIQ wrote in the report. “Hackers placed one of these digital skimmers on Ticketmaster websites through the compromise of a third-party functionality supplier known as Inbenta.”
RiskIQ said it identified some 100 well-known brands as other victims of Magecart’s ploy, but it would not make public those victims yet.
The researchers said it appeared that Magecart was becoming more sophisticated in its techniques.
“Even more disturbing, the Ticketmaster breach demonstrates that the Magecart actors are continuing to refine their techniques and get better at target selection,” the researchers said.
“Previously, they compromised individual websites and added new Javascript or links to remote Javascript files, but they seem to have gotten smarter—rather than go after websites, they’ve figured out that it’s easier to compromise third-party suppliers of scripts and add their skimmer.”
In some cases, adding the credit card skimmer system gave the group access to some 10,000 credit card numbers almost immediately.
.jpg)
.jpg)
.jpeg)