Ticketmaster security breach

This is awful! I am affected by this from when I booked my Hamilton tickets. They have sent me the following email:


Data security incident by third-party supplier

On Saturday, June 23, 2018, Ticketmaster UK identified malicious software on a customer support product hosted by Inbenta Technologies, an external third-party supplier to Ticketmaster.

As soon as we discovered the malicious software, we disabled the Inbenta product across all Ticketmaster websites.

As a result of Inbenta’s product running on the Ticketmaster UK website, some of our customers’ personal or payment information may have been accessed by an unknown third-party.

We are contacting you because you purchased, or attempted to purchase, tickets between February and June 23, 2018 and therefore may have been affected by the Inbenta incident.

Forensic teams and security experts are working around the clock to understand how the data was compromised.

We are working with the Information Commissioner’s Office (ICO), as well as credit card companies, banks and relevant authorities.

What we are doing:

Ticketmaster UK has established a dedicated website security.ticketmaster.co.uk to answer your questions about the Inbenta incident. You can also contact fan.help@ticketmaster.co.uk

As a precautionary measure, all notified customers will need to reset their passwords when they next log into their accounts


We are offering impacted customers a free 12 month identity monitoring service with a leading provider. To request this service please visit this page.

We recommend that you monitor your account statements for evidence of fraud or identity theft. If you are concerned or notice any suspicious activity on your account, you should contact your bank(s) and any credit card companies.

Ticketmaster understands the importance of your personal information. We take the protection of that information very seriously and we are sorry to have to write to you in these circumstances.

Faithfully,

The Ticketmaster Team

Yup, got the same email.

So annoyed at this especially at myself for keeping my TM account associated with a 20 year old Hotmail address that I use for nothing else. Microsoft have been the worst and I can’t recover the email account.

I got the same.

Interestingly I got the security breach email to one of my Ticketmaster accounts but not the other!

Apparently the problem was caused because Ticketmaster took a customer support script from a third-party company and embedded that script in Ticketmaster's payment page, which they shouldn't have done because that breaches the secure payment environment. Someone subsequently tampered with that script so they could siphon off payment details as they were entered. That means it only affects people who used that payment page while the tampering was present, rather than the more common case of somebody getting into a database and stealing historical information as well.

Well, I'm apparently part of this club, too. I received the notification from Ticketmaster two days ago but told myself not to worry, as only few customers were -really- affected.

Now I got an e-mail and text message from my credit card company that they deactivated my credit card for safety reasons and are sending me a new one. I assume this has to do with the Ticketmaster stuff and someone trying shenanigans on my card. Highly annoying, especially since I used Ticketmaster only once during the period.