How Ticketmaster Made Online Ticket Buying History With Undetected Web App Breach

Lorna Fimia

Global entertainment ticketing service Ticketmaster recently suffered a massive breach in security that resulted in nearly 40,000 customer credentials being taken over the course of a few months, from various countries including the UK.  The case generated a lot of press, increasing the worries of the general public and leaving some customers looking for compensation. Hayes Connor solicitors, for example, are looking to sue Ticketmaster for up to £5,000 per affected customer.

This is a prime example of the deepening financial and legal consequences of not adequately protecting customer data. With the new EU GDPR now in place, it’s only a matter of time before a company falls short of the regulation and is faced with massive fines from the Information Commissioner’s Office (ICO).

Ticketmaster has now stated that “it is working with security companies to identify how the hackers were able to infiltrate the website.” It will also undoubtedly be implementing further security measures to ensure it doesn’t happen again. This is a worryingly familiar line fed to the media and the general public.  However, is this a case of too little too late?

Web application breach at Ticketmaster was a high price to pay

How Did the Breach Happen?

It was Inbenta, the third-party customer support chat application embedded in the Ticketmaster website, that was breached, rather than Ticketmaster itself. This gave Magecart (the group responsible for the attack) access to over 10,000 pieces of personal data from just one attack, compromising multiple branches of Ticketmaster, including sites in Ireland and New Zealand.

This breach was not the first of its kind. The Magecart attack has affected over 800 e-commerce sites all over the world by targeting third-party websites. According to an investigation conducted by RiskIQ, the attack involved a piece of malicious code being injected into the normal code sequence used by Ticketmaster. As it did not affect the normal running of the software, it remained undetected for a significant amount of time. The code was part of a digital card-skimming attack, a hacking trend which has been on the rise since 2016. Details entered on the Ticketmaster website were also automatically stored in the hacker’s database.

Why Were Hackers Able to Infiltrate the Website?

The breach affected thousands of customers. Ticketmaster had no idea that it was being exploited, as the attack came through a third-party web application, and therefore the breach went undetected for months.

Kevin Beaumont, a security researcher, said that this method of targeting the JavaScript libraries of third-party services, such as AI chatbots, has been seen increasingly over the last few years. He goes on to say that however much your company invests in its security, a third-party breach could render that useless.

“Web-sites are becoming increasingly complicated with dozens if not hundreds of scripts, applications, and third party components to a single e-commerce site like Ticketmaster. Attackers are able to attack sites through weaknesses in any of these tools or the way they are configured, like social media or advertising plug-ins, AI chatbots, or even access tools for people with visual impairment. A Web Application Firewall is an essential first step in preventing abuse of customer data via web-site compromise.” Max Pritchard, Pre-Sales Consultant, activereach

With evolving hacking techniques and the rapid rise in DevOps, security measures such as WAFs are becoming increasingly important. Without them, your company’s website, and all the data it stores, is vulnerable.

Best Practices for Preventing a Web Application Breach

As everybody in the security industry will tell you, cybercrime is an inevitability, not just a possibility. In order to protect your business and its data the best you can, it’s smart to learn from the mistakes of others and invest in the right security.

Ryan Blanchard, Cloud Market Intelligence Analyst at Oracle Dyn, says that, along with its benefits, the increased uptake of cloud computing has also meant a rapidly changing threat landscape. “It is imperative that organisations invest not only in their own security, but their consumers’ security as well. The solution [to the lack of time and resources] is the managed security offering that often accompanies a cloud WAF, which is monitored and maintained by security professionals with extensive experience in identifying and defeating critical vulnerabilities.”

The Ticketmaster breach highlights the importance of ensuring all your third-party add-ons are also secure. The web application breach was not recognised even after Ticketmaster was notified by online bank Monzo that some data may have been compromised.
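
One way to notice that a third-party script embedded in your pages has changed, shown as an added example that is not from the original article or from any company named in it: list the externally hosted scripts on a page and compare what is served now with a digest recorded at the last review. The hosts, paths, script bodies and the `auditThirdParty` helper are hypothetical, and the sample data is constructed so the block runs offline.

```javascript
// Added example: compare third-party scripts on a page against pinned digests.
const crypto = require('crypto');

// SRI-style digest ("sha384-<base64>") of a script body.
function sriDigest(body) {
  return 'sha384-' + crypto.createHash('sha384').update(body, 'utf8').digest('base64');
}

// Collect src/integrity of every external <script> tag (a regex is enough for an audit pass).
function externalScripts(html) {
  const scripts = [];
  for (const m of html.matchAll(/<script\b([^>]*)>/gi)) {
    const src = /\bsrc\s*=\s*["']([^"']+)["']/i.exec(m[1]);
    if (!src) continue; // inline script, nothing to fetch
    const sri = /\bintegrity\s*=\s*["']([^"']+)["']/i.exec(m[1]);
    scripts.push({ src: src[1], integrity: sri ? sri[1] : null });
  }
  return scripts;
}

// baseline: url -> digest recorded when the script was last reviewed.
// fetched: url -> body served now (supplied by the caller so this runs offline).
function auditThirdParty(html, siteHost, baseline, fetched) {
  const findings = [];
  for (const s of externalScripts(html)) {
    if (new URL(s.src, `https://${siteHost}/`).host === siteHost) continue; // first party
    if (!s.integrity) findings.push({ src: s.src, issue: 'no-integrity-attribute' });
    if (!(s.src in baseline)) findings.push({ src: s.src, issue: 'not-in-baseline' });
    else if (sriDigest(fetched[s.src] ?? '') !== baseline[s.src])
      findings.push({ src: s.src, issue: 'content-changed' });
  }
  return findings;
}

// Constructed sample data: hosts, paths and script bodies are hypothetical.
const CHAT = 'https://chat-vendor.example/widget.js';
const ADS = 'https://ads-vendor.example/tag.js';
const CHAT_REVIEWED = 'function openChat(){ /* vendor widget */ }';
const PAGE = `<html><body>
<script src="/static/app.js"></script>
<script src="${CHAT}"></script>
<script src="${ADS}" integrity="sha384-placeholder"></script>
<form id="payment"></form></body></html>`;
const BASELINE = { [CHAT]: sriDigest(CHAT_REVIEWED) };
const SERVED = { [CHAT]: CHAT_REVIEWED + '\n/* appended, unreviewed code */', [ADS]: 'tag()' };

console.log(auditThirdParty(PAGE, 'shop.example', BASELINE, SERVED));
```

A digest mismatch only says the file changed, so a vendor that ships frequent updates needs the baseline refreshed after each review rather than the alert being ignored.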

To ensure the safety of your company data, regularly checking security measures of any third parties is crucial. By implementing AI-driven cloud-based WAF infrastructure, even the most advanced attacks can be identified and blocked. Next generation bot identification technology can differentiate between legitimate web application users and malicious traffic. This eliminates any downtime and stops legitimate users being denied access.

activereach offers a complete range of WAFs to protect your web servers and applications from attacks and exploits, including management from our committed experts. With 24/7 monitoring from our partner security operation centre, we provide comprehensive protection against all types of web application and scripting attacks. If you would like to find out more about our WAF solutions, for both perimeter and cloud-based networks, please see our page here.