TicketMaster - Data Security Breach

billybonkers

On Saturday, June 23, 2018, Ticketmaster UK identified malicious software on a customer support product hosted by Inbenta Technologies, an external third-party supplier to Ticketmaster.

As soon as we discovered the malicious software, we disabled the Inbenta product across all Ticketmaster websites.

As a result of Inbenta’s product running on Ticketmaster websites, some of our customers’ personal or payment information may have been accessed by an unknown third-party.

We are contacting you because you purchased, or attempted to purchase, tickets between February and June 23, 2018. Whilst we have no evidence to suggest your data has been compromised, we are notifying you out of an abundance of caution.

Forensic teams and security experts are working around the clock to understand how the data was compromised.

We are working with relevant authorities, as well as credit card companies and banks.

What we are doing:

- Ticketmaster International has established a dedicated website security.ticketmaster.ie to answer your questions about the Inbenta incident. You can also contact fan.help@ticketmaster.ie

- As a precautionary measure, all notified customers will need to reset their passwords when they next log into their accounts

- We are offering impacted customers a free 12 month identity monitoring service with a leading provider. To request this service please visit this page

We recommend that you monitor your account statements for evidence of fraud or identity theft. If you are concerned or notice any suspicious activity on your account, you should contact your bank(s) and any credit card companies.

Ticketmaster understands the importance of your personal information. We take the protection of that information very seriously and we are sorry to have to write to you in these circumstances.



Faithfully,

The Ticketmaster Team

The Nal

"As a precautionary measure, all notified customers will need to reset their passwords when they next log into their accounts".

If you got an email is that a notification?

johnnyskeleton

Whats an identity monitoring service? Do they ring you up and ask for Brian to see if youre still you?

Dr Turk Turkelton

johnnyskeleton wrote: »

Whats an identity monitoring service? Do they ring you up and ask for Brian to see if youre still you?

I'm Brian and so is my wife.

dreamers75

10+ Billion revenue, GDPR gonna have a field day if anything identifiable is in there.

Grab All Association

Wonder does it apply to Seatwave too?

GhostInTheRuins

I got the email too.

It's better to err on the side of caution I suppose. I called AIB and they've been in contact with ticketmaster, they said that they're not sure if card details have been stolen but aib recommended I get a new card just to be safe.

Zardoz

Neteller rang me on Monday saying that they had cancelled my Mastercard due to a potential security issue ,I was curious as to what it was at the time as I hadnt used it in a while ,now I think I know .

G_R

Off topic I know, but it's annoying that the website has a .ie domain and they constantly refer to UK customers only being affected.

Get the country name right lads

Toast

G_R wrote: »

Off topic I know, but it's annoying that the website has a .ie domain and they constantly refer to UK customers only being affected.

Get the country name right lads

It really isn't off topic because it is really confusing what has actually been leaked if you're an Irish customer or not. They refer to international customers (ie all non Ticketmaster US customers) maybe impacted then also specifically say the affected people are limited to UK customers but the mail to international customers is for precautionary purposes. So which is it? Also are we under the umbrella of UK customers (incorrectly?).

As a result of Inbenta's product running on Ticketmaster International websites, some of our customers' personal or payment information may have been accessed by an unknown third-party.

We have contacted customers who may have been affected by the security incident. UK customers who purchased, or attempted to purchase, tickets between February and June 23, 2018 may be affected. As a precautionary measure we have also notified international customers who purchased in this period.

Which countries have been affected?
Based on our investigation, we understand that only certain UK customers who purchased or attempted to purchase tickets may have been affected by the incident. As a precaution we are also notifying all Ticketmaster International customers outside the UK that they will need to reset their passwords when they next log into their accounts. Customers in North America are not affected.

This is a mess.

dragonfly!

I got a text from BOI last week to say that there were sending me a new card due to fraudulent activity on my card
I guess I know who is to blame now...

JamieCarra

GhostInTheRuins wrote: »

I got the email too.

It's better to err on the side of caution I suppose. I called AIB and they've been in contact with ticketmaster, they said that they're not sure if card details have been stolen but aib recommended I get a new card just to be safe.

dragonfly! wrote: »

I got a text from BOI last week to say that there were sending me a new card due to fraudulent activity on my card
I guess I know who is to blame now...

Got a similar notification for a card that I would have used to order tickets for events in NI in the past but nothing for the card that I would have used for Dublin gigs yet,  BOI on the ball as usual...

Toast

AIB Customer care refuse to be drawn on twitter wheter it is necessary to cancel the card if you got the email. Just repeated the line on the mail to contact them if there was fradulent activity. My guess is either no one really knows what is up or they know the breach wasn't the actual account details but some way of using them in their stored state that is now closed.

JaMarcus

I tried to log in to Ticketmaster today and it wouldn't accept my password - kept saying it was incorrect. I use LastPass so I wasn't typing it incorrectly. I had to request a temporary password and change it before I could continue.

billybonkers

JaMarcus wrote: »

I tried to log in to Ticketmaster today and it wouldn't accept my password - kept saying it was incorrect. I use LastPass so I wasn't typing it incorrectly. I had to request a temporary password and change it before I could continue.

I would suggest you cancel what ever card you had associated with that account

drake70

JaMarcus wrote: »

I tried to log in to Ticketmaster today and it wouldn't accept my password - kept saying it was incorrect. I use LastPass so I wasn't typing it incorrectly. I had to request a temporary password and change it before I could continue.

Same for me

dragonfly!

JaMarcus wrote: »

I tried to log in to Ticketmaster today and it wouldn't accept my password - kept saying it was incorrect. I use LastPass so I wasn't typing it incorrectly. I had to request a temporary password and change it before I could continue.

Yep same and all I could think about was thank GOD its not an onsale morning:eek:

Zardoz

JaMarcus wrote: »

I tried to log in to Ticketmaster today and it wouldn't accept my password - kept saying it was incorrect. I use LastPass so I wasn't typing it incorrectly. I had to request a temporary password and change it before I could continue.

It says in the email that "As a precautionary measure, all notified customers will need to reset their passwords when they next log into their accounts" .

You cant log in though to change the password ,you need to reset it .
You wont be able to log in unless you request a new password .
Not very well explained or implemented by Ticketmaster .

RockDesk

Zardoz wrote: »

It says in the email that "As a precautionary measure, all notified customers will need to reset their passwords when they next log into their accounts" .

You cant log in though to change the password ,you need to reset it .
You wont be able to log in unless you request a new password .
Not very well explained or implemented by Ticketmaster .

I agree. I was worried because I thought I had been hacked and locked out of my account by who/what ever hacked the system because I didn't get the reset password prompt that Ticketmaster has said I get.

Tango One

The hackers tried to have a field day on my card last night. I should have cancelled my card. Most of the transaction where refused but a few went through. A pain in the arse this is now. My bank want me to contact the guards and open a case. I'm probably open to identity thief now too. All due to Ticketmaster incompetence

Fann Linn

Tango One wrote: »

The hackers tried to have a field day on my card last night. I should have cancelled my card. Most of the transaction where refused but a few went through. A pain in the arse this is now. My bank want me to contact the guards and open a case. I'm probably open to identity thief now too. All due to Ticketmaster incompetence

Any idea who is liable and more importantly whether the bank or ticketmaster will reimburse?Genuine question as I only purchased tickets a forthnight ago, and touch wood, all seems OK for now, however I'm constantly checking the account to make sure. I'd cancel the card only for I'm going on holidays soon and I'm afraid I won't have a new one in time.

Tango One

I'm sure the bank will reimburse me but I need to open a case with the guards. But it may take time plus I'm worried about identity theft too.

Arne_Saknussem

Fann Linn wrote: »

Any idea who is liable and more importantly whether the bank or ticketmaster will reimburse?Genuine question as I only purchased tickets a forthnight ago, and touch wood, all seems OK for now, however I'm constantly checking the account to make sure. I'd cancel the card only for I'm going on holidays soon and I'm afraid I won't have a new one in time.

I just canceled my card & they've said i'll have a replacement delivered before the end of the week.

Call me Al

Were these cards that have been compromised stored on your ticketmaster account?
I received the email but I don't ever store the card details with the account. I used ticketmaster twice recently enough but haven't had any dodgy transactions appear so far. My card expired last month so i got a new one anyway.

dragonfly!

Fann Linn wrote: »

Any idea who is liable and more importantly whether the bank or ticketmaster will reimburse?Genuine question as I only purchased tickets a forthnight ago, and touch wood, all seems OK for now, however I'm constantly checking the account to make sure. I'd cancel the card only for I'm going on holidays soon and I'm afraid I won't have a new one in time.

You should have a new card within a few days
I was contacted on the Tuesday and got a new card on the Friday

Fann Linn

dragonfly! wrote: »

You should have a new card within a few days
I was contacted on the Tuesday and got a new card on the Friday

Thanks. I'll have a word with the bank tomorrow.

RockDesk

I contacted my bank (BOI) who said that if I hadn't been contacted by them, that I should be ok. They're aware of the breach and are acting on it.

thebiglad

Just received the identification monitoring email from Ticketmaster - totally focused on UK customers so will be of limited use i fear - have filled in all I can and see if anything comes of it.

Had strange transactions on my BOI Credit Card about 1 month before I was contacted by Ticketmaster and BOI had already blocked and replaced the card for me.

As I have 10 cards which they can trace I put the card details into the portal of the provider given by Ticketmaster and they are not flagging the card as exposed (could be coincidence I suppose)...

phunkadelic

I was seeing warnings from Symantec AV on ticketmaster.ie for about a month. From mid May roughly.
Warning was along the lines of mass injection
https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=28821

ArrBee

I'm trying to decide if the identity monitoring offer is a wise move or not.

My take on it is that to be effective, you have to provide all your personal data to this 3rd party who will then use it to compare against data picked up from "dodgy locations" thus indicating your details are being traded.

with all of your data sitting at this 3rd party, surely they are an attractive target for attack?
never mind the data that ticketmaster may have leaked, this could be worse....

ArrBee

Call me Al wrote: »

Were these cards that have been compromised stored on your ticketmaster account?
I received the email but I don't ever store the card details with the account. I used ticketmaster twice recently enough but haven't had any dodgy transactions appear so far. My card expired last month so i got a new one anyway.

The way the hack was done was to scrape details from the payment screen as you were making a ticket purchase and send the data elsewhere.
it didn't need to be "stored" in ticketmaster at all.
In fact, ticketmaster wasn't breached to achieve the hack. A 3rd party vendor was supplying services to ticketmaster (customer management services) where the 3rd party hosts the code and the ticketmaster site references the external code that then runs in your browser.

It seems that between Ticketmaster asking the vendor to modify the code specifically for them, ticketmaster calling the code to run on the payments screen (not a bright idea), the 3rd party *possibly* being hacked and the code being altered (to send data out to the baddies), anyone making a payment will have data compromised.

ArrBee

Mr.S wrote: »

If you google the service, it gets pretty poor reviews.

Essentially the service will scrape the internet for data dumps of personal data (a bit like https://haveibeenpwned.com) and notify you if your details popup.

A far better option is to just cancel your card that was used on Ticketmaster & change your passwords for other, non ticketmaster, accounts that shared the same password.

Just remember that IF your card(s) get used, Irish banks are fairly quick at noticing fraud, and if charges go through, you'll get the money back.

Yeah I was aware how it worked etc. But I was wondering if it offered more (identity fraud) than just notifying around credit card number trading without actually increasing my risk by holding so much info in 1 place. Especially given the massive data breach last year at an equivalent company last year.

As it happens, mastercard seemed to have been notified on the Sat that Ticetmaster "discovered" the issue as they sent a cancellation notice to my bank that day and I wasn't able to use it on the Sunday.

In my case, I've decided not to bother with the 12months service, but have changed both email address and password for ticket master and have a new credit card.

Coinsguy

Does the number end in 35 by any chance? Because I'm in the same boat

John Hutton

My current account was emptied last night. Really regretted not cancelling my card when I got the Ticketmaster email. I have to wait for a letter now and go the Gardaí and may be until the end of next week before it's sorted.

The lady from the bank said she couldn't confirm I would be refunded it would have to be looked at first.

I said did she think it was scanned at am ATM, she said probably not and said unprompted that it was probably Ticketmaster if I used them (which reminded me of the email) she also said that she thinks the timeframe they gave for when their site was hacked is wrong and it went back much further

Call me Al

John Hutton wrote: »

My current account was emptied last night. Really regretted not cancelling my card when I got the Ticketmaster email. I have to wait for a letter now and go the Gardaí and may be until the end of next week before it's sorted.

The lady from the bank said she couldn't confirm I would be refunded it would have to be looked at first.

I said did she think it was scanned at am ATM, she said probably not and said unprompted that it was probably Ticketmaster if I used them (which reminded me of the email) she also said that she thinks the timeframe they gave for when their site was hacked is wrong and it went back much further

Really sorry to read that John Hutton.
I got a call from my cc provider to cancel my card wrt this fraud last Friday . Your comment 're the timescale matches something I was told. I was on a ticket master list they'd received.
He said he suspects it had been going on for 18 months.

ArrBee

And this is one of the negative aspects of all debit cards using visa these days... any breach can drain your money, then you have to chase to get it back.
At least with a credit card, you can dispute charges etc.

John Hutton

ArrBee wrote: »

And this is one of the negative aspects of all debit cards using visa these days... any breach can drain your money, then you have to chase to get it back.
At least with a credit card, you can dispute charges etc.

Once I get this sorted I'm going to get a credit card for online purchases.

I've never had one because I don't like the idea of it but I've been left in an awkward position now (I had just been paid so I'm stuck now)

Fann Linn

As an aside, I heard this morning that Willie Walsh of British Airways, is in the sh1t because a large amount of their customers details were compromised. Apparently, some legal firm is taking a case and it is reported that all concerned should be compensated and will receive approx £1000.

Is there anyway TM could be held liable and perhaps then they may get their house in order?

fed_u

I had a fraudulent transaction on my credit card. when I looked back one of the last transactions was TM so convinced that's where my details were gotten from!

ArrBee

Fann Linn wrote: »

Is there anyway TM could be held liable and perhaps then they may get their house in order?

Surely the answer has to be "yes"
Especially if there has been financial damage as a result as is being claimed.

It my be tricky to prove that the damage leads back to TM though??

There may even be a case to answer when fraudulent activity has not occurred?
The breach itself or mishandling of customer data my be punishable.

In my case, I found out due to my card being cancelled without me knowing.
The credit card company wouldn't even tell me the real reason, only that mastercard had had issued a request to cancel at a time that coincided with the reported discovery by TM.
it was a pain to be left without a card for 2 weeks while a new one was organised. I missed out on at least 1 online bargain because of it!

Exclamation Marc

ArrBee wrote: »

Surely the answer has to be "yes"
Especially if there has been financial damage as a result as is being claimed.

It my be tricky to prove that the damage leads back to TM though??

There may even be a case to answer when fraudulent activity has not occurred?
The breach itself or mishandling of customer data my be punishable.

In my case, I found out due to my card being cancelled without me knowing.
The credit card company wouldn't even tell me the real reason, only that mastercard had had issued a request to cancel at a time that coincided with the reported discovery by TM.
it was a pain to be left without a card for 2 weeks while a new one was organised. I missed out on at least 1 online bargain because of it!

It's tricky because yes, ticketmaster are liable for the loss of data. Thats one issue and one liability.

As regards financial liability, generally speaking if someone has been made aware that their card has been compromised and chooses not to cancel their card, the bank will look to make the person liable for any financial loss post-warning as they didn't act on the warning, hence Mastercard just cancelling the cards outright without looking for consent.

ArrBee

Exclamation Marc wrote: »

It's tricky because yes, ticketmaster are liable for the loss of data. Thats one issue and one liability.

As regards financial liability, generally speaking if someone has been made aware that their card has been compromised and chooses not to cancel their card, the bank will look to make the person liable for any financial loss post-warning as they didn't act on the warning, hence Mastercard just cancelling the cards outright without looking for consent.

Good point!

John Hutton

Whilst we have no evidence to suggest your data has been compromised, we are notifying you out of an abundance of caution.


The above was a piss poor warning

The Nal

All they asked for is a password change right? They didnt ask people to cancel cards.

Exclamation Marc

The Nal wrote: »

All they asked for is a password change right? They didnt ask people to cancel cards.

They noted that personal and payment information may have been taken.

They gave a half arsed warning on cards:

"We recommend that you monitor your account statements for evidence of fraud or identity theft. If you are concerned or notice any suspicious activity on your account, you should contact your bank(s) and any credit card companies."

Fann Linn

The Nal wrote: »

All they asked for is a password change right? They didnt ask people to cancel cards.

Twas safer to cancel the card.

smacl

fed_u wrote: »

I had a fraudulent transaction on my credit card. when I looked back one of the last transactions was TM so convinced that's where my details were gotten from!

I've had credit cards hack on a few occasions over the last number of years and really it hasn't been a huge problem. They cancel the card, read through the transactions in reverse chronological order to the hack date, reverse out the dud transactions, and send out a new card. I've never been left out of pocket, only minor issue once was it happened when I was out of the country but I had an alternative card.

That said, as a rule these days I tend to use PayPal where it's an option, don't let sites store my card details where it isn't, and use Dashlane to manage and store strong passwords for all sites that I use.

billybonkers

New mail just received from TM

Data security incident by third-party supplier
We are writing to you regarding the recent data incident involving Inbenta Technologies, an external third-party software supplier that used to provide services to Ticketmaster.

As you may already be aware, as soon as we discovered that Inbenta’s technology was serving malicious software to the Ticketmaster UK site, we disabled the Inbenta product across all Ticketmaster websites.

As a result of Inbenta’s product running on the Ticketmaster UK website, some of our customers’ personal or payment information may have been accessed by an unknown third-party.

Our forensic teams and security experts have been working diligently to understand how the data was compromised.

As part of this investigation, we have uncovered evidence that suggests that you may have purchased, or attempted to purchase, tickets between February and June 23, 2018 and therefore may have been affected by the Inbenta incident.

We continue to work with the Information Commissioner’s Office (ICO), as well as credit card companies, banks and relevant authorities in their ongoing investigation into the malicious third-party behind the attack.

What we are doing:

Ticketmaster has established a dedicated website security.ticketmaster.co.uk to answer any questions you may have about the Inbenta incident. You can also contact fan.help@ticketmaster.ie
As a precautionary measure, all notified customers will need to reset their passwords when they next log into their accounts
We are offering impacted customers a free 12 month identity monitoring service with a leading provider. To request this service please visit this page
We recommend that you monitor your account statements for evidence of fraud or identity theft. If you are concerned or notice any suspicious activity on your account, you should contact your bank(s) and any credit card companies.

We understand the importance of your personal information. We take the protection of that information very seriously and we are sorry to have to write to you in these circumstances.



Faithfully,

The Ticketmaster Team

TheIrishGrover

Got a call today from Avantcard (Formally MBNA) abut cancelling my card. There were no dodgy transactions but it seems they are reissuing cards to everyone by default