CSTI
    breachThe Commercial Era (2010-2019) Daily Briefing Landmark Event

    Ticketmaster Breach Exposes Data of 5% of Global Customers

    Saturday, June 23, 2018

    Today, Ticketmaster has disclosed a substantial security breach that has compromised the personal and payment information of about 5% of its global customers. The breach is attributed to a vulnerable live chat widget developed by Inbenta Technologies, which allowed attackers to inject malicious code. This code harvested sensitive data from users interacting with specific regional Ticketmaster sites, primarily affecting international customers, while users in North America remained largely unaffected.

    The incident was discovered after several months of undetected exploitation, highlighting the prolonged risk that vulnerabilities in third-party services pose to organizations. The compromised data includes names, addresses, email addresses, payment details, and login credentials. Following the discovery, Ticketmaster promptly disabled the affected widget and is in the process of notifying the impacted individuals.

    In related news, cybersecurity experts are emphasizing the need for organizations to conduct thorough security assessments of all components within their technology stack. With many companies relying on third-party services, the risks associated with such partnerships remain significant. The Ticketmaster breach serves as a stark reminder of the importance of vendor management and continuous monitoring of third-party integrations.

    Additionally, the cybersecurity community is witnessing a surge in discussions around the implications of the General Data Protection Regulation (GDPR), which came into effect just weeks ago. Organizations are under increased scrutiny to protect user data, and breaches like Ticketmaster's could lead to substantial penalties under the new regulation.

    This morning, the breach raises questions about the effectiveness of existing security measures in place for third-party services. As organizations continue to integrate various external solutions, the need for robust security protocols and practices becomes increasingly critical. The Ticketmaster incident underscores the broader implications for the field of cybersecurity, as it highlights the necessity for continuous vigilance and proactive security strategies in an interconnected digital landscape.

    Sources

    Ticketmaster data breach third-party services GDPR