The company claims that a third party development is the incident’s cause
Cybersecurity and digital forensics specialists from the International Institute of Cyber Security report that Ticketmaster has claimed that the credential theft malware infection present on its website was not their fault, this in spite of the incorporation of Third party JavaScript in the payments section of its site. Through a letter, ticketing company’s lawyers mentioned that “Ticketmaster discards being responsible for this possible security incident”.
The incident in question is the infection of the company’s website with a credential theft malware known as Magecart. Upon hearing of the incident Ticketmaster blamed of the infection to “a customer service hosted on its website by Inbenta Technologies”. On the other hand, Jordi Torras, director of Inbenta, said: “If we had known that the script was being used in that way we would have prevented the company, as it poses a security threat.
A digital forensics investigator traveling from United Kingdom to the United States when the security breach occurred at the Ticketmaster site found that one of his bank cards was being used to perform unauthorized transactions in Belgium. After calling his bank to block the compromised card, the expert discovered that Visa had blocked another of his cards because of an “identity fraud”.
At the time the specialist stated: “Only payment cards linked to my Ticketmaster account were compromised. I have used other cards to pay for various online services and have not experienced any problems.”
After the incident many affected users began demanding Ticketmaster compensation. In response to these lawsuits, the lawyers of the firm Paul Hastings responded to the disgruntled users with a letter stating that the company was “conducting a thorough investigation into the possible security incident, its causes and the impact generated for the users”.
In the letter sent to the users the lawyers of the company assure that “the incident was presented as a result of software developed by a third-party infected with malicious code”. In addition, the company claimed that the servers and systems of its clients were not affected during the incident.
According to experts in digital forensics, if everything is such as Ticketmaster and Inbenta say, it is difficult to think that Ticketmaster did not commit negligence in implementing the JavaScript component that caused the malware infection.
On its website, Inbenta published: “After an additional investigation of both parties, we have confirmed that the origin of the security breach lies in a single piece of JavaScript code. Ticketmaster implemented this script directly on its payment page, without Inbenta being notified. If we had known that this JavaScript had been used in this way, we would have warned Ticketmaster of the risk it represented”.
The Magecart outbreak behaved as a sustained and widespread campaign. Malware operators moved from infecting individual websites to focusing on compromising third-party plugins on other web pages. Generally Magecart compromised items on different sites (usually JavaScript) and then injected the compromised elements to the websites to extract information from the payment cards used in those sites.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.