SecurityBrief Australia logo
Australia's leading source of cybersecurity and cyber-attack news
Story image

Ticketmaster breached: here’s what seven security experts had to say

By Patrick Martlew
Fri 29 Jun 2018
FYI, this story is more than a year old

Ticketmaster has revealed details of a malicious security breach that occurred on Saturday (June 23), admitting that customer data may have been compromised.

The ticketing vendor reported that it’s UK arm identified malicious software on a customer support product hosted by Inbenta Technologies, who operates as a third-party supplier to Ticketmaster.

Ticketmaster says some of its customers' personal or payment information may have been accessed by an unknown third-party, as a result of Inbenta's product running on Ticketmaster International websites.

Other information which may have been compromised includes customer’s name, address, email address, telephone number, and Ticketmaster login details.

In a statement on Ticketmaster’s Australian website, the company said, “As soon as it was determined that there was potential unknown third-party access to certain personal information, Ticketmaster took swift action to address the issue and protect customers.”

The company says less than 5% of its global customer base has been affected by this incident, with customers in North America not at all affected.

Ticketmaster says those who may have been affected include UK customers who purchased, or attempted to purchase, tickets between February and June 23, 2018, as well as international customers who purchased, or attempted to purchase, tickets between September 2017 and June 23, 2018.

It also says that if customers have not been contacted via email, Ticketmaster doesn’t believe them to be affected.

Techday has received a number of comments from cybersecurity professionals representing a range of organisations, giving their take on the significance of the breach, whether Ticketmaster acted responsibly and what can now be done in the aftermath. 

Here’s what they had to say;

Australian Information Security Association (AISA)

AISA chairman, Damien Manuel has praised Ticketmaster for its swift reaction to the breach and being upfront about letting customers know. “I commend Ticketmaster for disclosing the data breach quickly and providing notification to affected customers encouraging them to be vigilant and check for fraudulent credit card transactions. In an age where we are dependent on complex digital systems, it is almost inevitable consumers will be impacted by data breaches,” Manuel says.

“This latest incident highlights the need for supply chain governance, as cybercriminals are now attacking the weakest points in the supply chain to gain access to data that can be monetised. The banking sector is very mature in this space and under APRA requirements, regular security audits are performed across the supply chain. “With the increase in data breach reporting, I urge organisations in every industry to perform similar cybersecurity reviews across their supply chains to help uplift the capability and maturity of those providers to build more robust and secure services. I also hope Ticketmaster uses this opportunity to help build business confidence by openly discussing the incident, so other organisations can learn from its experience.”


In polarisation to AISA, global privacy officer at CyberScout, Eduard Goodman says the breach has come about as a result of the reckless actions of the ticketing vendor.

"The recent Ticketmaster UK breach is a perfect example of organisational hubris-by ignoring and downplaying several indicators raised by a third-party bank trying to simply give Ticketmaster a heads up that they were likely having an issue. Ticketmaster has now placed tens of thousands of individuals at risk with a large number of their impacted customers now suffering actual fraud as a result,” Goodman says.

“Ticketmaster’s failure to recognise that a large percentage of data breaches are discovered and reported by third party organisations demonstrates a clear lack of understanding of the manner in which information security failings are increasingly being discovered.

“Organisations ranging from financial institutions and card companies to law enforcement and tax collectors have increasingly been the ‘canary in the coalmine’ for other organisations by discovering and pointing out previously unknown security breaches.”


SentinelOne Director of product management Migo Kedem says the breach represents an alarming trend on the rise.

“Every now and then we see cases where a legitimate application is either collecting unauthorised data or compromised to include malware or malicious info stealers. We've seen this happening with CCleaner, a popular Windows cleanup utility, infecting over 2.3 million users, discovered in April of last year,” Kedem says.

“I expect this trend to evolve even further. There are too many defence solutions relying on "who you are" rather than "what you do", so it becomes relatively easy to attack the supply chain of an application that was not designed to provide security.”


Varonis director of sales engineers Matt Lock says the breach sends a message to consumers that any organisation that hosts their information can be breached and they need to exercise caution. “Any popular website like Ticketmaster is a good target for criminals. Consumers who purchased tickets must be careful and vigilant – the scammers will be out to further prey on those affected by the breach. It’s bad enough if your credit card information is stolen, but don’t fall for a scam in its wake,” Lock says.

“Don’t respond to or click on any text messages or emails as scammers can easily camouflage their true identities. If you get a call from a number you don’t recognise – don’t answer. Check your payment card and bank statements on the regular to ensure nothing is amiss – criminals may try to charge small amounts to your card.

“If you suspect your payment card information was stolen, consider replacing your card. Know that criminals may now have your personal details and you could be a target in the long-term.”


Verodin head of behavioural research James Lerud says a breach like this calls into question whether Ticketmaster can still be trusted by consumers.

"Ticketmaster's business model is centred around being a trusted third party between promoters and consumers. A breach like this calls into question how much they can be trusted,” he says.

“Any company who outsources parts of their business that includes sensitive data needs to be extremely cautious to ensure they are not outsourcing security because the responsibility of safeguarding consumer data cannot be outsourced.

“In cases where sensitive data handling has to be outsourced extra effort needs to be taken to continuously verify the proper controls are in place. A periodic paper audit does not cut it, a program where controls are continually measured and improved must be implemented.”


In a similar vein to Verodin, Exabeam solutions architect Stephen Gailey says the breach serves as a wake-up call for Ticketmaster to take responsibility for the security of their customer's data, regardless how they use third-party technology partners.

"Ticketmaster, like other organisations that outsource some or all of their IT services, needs to understand that it can’t abdicate responsibility for security. It is the responsibility of every organisation to protect customers' data and to ensure that their downstream service providers are also taking adequate precautions.

“Similarly organisations that get breached need to realise that simply offering identity monitoring services is not an adequate response, particularly under GDPR. Where is the ICO in all of this?"


Finally, Sophos released a list of things that customers can do if they fear they their information has been compromised or are unsure.

The actions that Sophos says customers can take include the following;

  • If you’re one of the 40,000 account holders that Ticketmaster says was affected by the compromise, you should have received an email telling you to change your account password. This process should happen automatically the next time you try to log in.

  • If you haven’t been contacted, it’s still a good opportunity to ask yourself whether your Ticketmaster password is sufficiently strong. Change it if there’s any doubt. (This can be done by visiting the Ticketmaster “Forgotten Password” link.)

  • Keep an eye on your bank and payment card statements. Ticketmaster said it will offer affected customers a free 12-month identity monitoring service with a “leading provider”, but whether you take that offer up or not, you need to be on the lookout for unauthorised activity on your accounts.

  • Replace your payment cards as soon as you can if you’re on the list of Ticketmaster customers known to have been affected. In theory, the crooks oughtn’t to have the 3-digit CVV code from the back of your card, and in Europe, they oughtn’t to be able to clone your card, thanks to Chip and PIN, but you should get a new card (which invalidates the old one immediately) anyway.

  • Remember that it’s not just card payments that are at risk – the stolen data includes names and addresses, which puts you at risk of identity theft.

  • Keep a special eye and ear out for fraudulent emails, instant messages and phone calls that claim to be connected to this incident. If someone contacts you “about the breach”, never call or message them back based on contact information they gave to you – always find an independent source for the relevant phone number or email address, such as a printed receipt.

Related stories
Top stories
Story image
Tech job moves
Tech job moves - Adatree, Brother, Databricks, Nutanix & Rubrik
We round up all job appointments from May 20-26, 2022, in one place to keep you updated with the latest from across the tech industries.
Story image
4/10 Australian SMEs fallen victim to cyber-attacks since pandemic
Almost four out of teb SMEs in Australia have fallen victim to cyber-attacks since the pandemic began, according to a new study.
Story image
Third-party automotive apps bear significant privacy risks
Mobile applications for connected cars provide various features to make life easier for motorists, but they can also be a source of risk.
Story image
Fortinet introduces self-learning AI in latest offering
Fortinet is introducing self-learning AI capabilities in its new network detection and response offering, FortiNDR.
Story image
Data Protection
Barracuda launches new capabilities for API Protection
"Every business needs this type of critical protection against API vulnerabilities and automated bot attacks," Barracuda says.
Story image
MailGuard warns of new scam targeting Telstra customers
Telstra customers in Australia are being warned of a new scam involving "Unsuccessful Payment" messages.
Story image
Tech job moves - Forcepoint, Malwarebytes, SolarWinds & VMware
We round up all job appointments from May 13-20, 2022, in one place to keep you updated with the latest from across the tech industries.
Story image
Customer experience
Gartner recognises Okta for abilities in Access Management
Okta has announced it has been recognised as a Customers' Choice for the fourth time in a row in the Gartner Peer Insights "Voice of the Customer" report.
Story image
APAC organisations fail to disclose ransomware breaches
85% of organisations in APAC were breached by ransomware at least once in the past five years, but only 28% publicly disclosed the incident.
Story image
Data Protection
Information management capabilities to meet privacy requirements
Organisations with customers or operations across more than one country face a spate of new and proposed privacy and data protection laws.
Story image
Asia Pacific plagued by sophisticated bad bots - report
The three most common bot attacks were account takeover, content or price scraping, and scalping to obtain limited-availability items.
Story image
Employees on the frontline of cyber defense - report
In the first quarter of 2022, employees found themselves more than ever at the frontline of cyber defense, according to a new report from Kroll. 
Story image
Sysdig unveils new Kubernetes troubleshooting and cloud innovations
Sysdig has introduced two new innovations that look to help bolster cloud services and simplify Kubernetes troubleshooting.
Story image
Amazon Web Services / AWS
RedShield leverages AWS to scale cybersecurity services
"Working with AWS gives RedShield the ability to mitigate significant application layer DDoS attacks, helping leaders adopt best practices and security architectures."
Story image
The most common online scams in Australia
No one is safe from online scammers, and many of these scammers have capitalised on the pandemic, using this confusing time to attack more people than ever.
Story image
Alarming surge in Conti Ransomware Group activity - report
A new report has identified a 7.6 per cent increase in the number of vulnerabilities tied to ransomware in Q1 2022.
Story image
Remote Working
Successful digital transformation in the hybrid work era is about embracing shifting goalposts
As organisations embraced remote working, many discovered they lacked the infrastructure needed to support history’s first global load test of remote work capabilities.
Story image
What every CISO must answer to enable a best-in-class security operations program
It has been widely reported recently that South Australian government employees have been the victims of a cyberattack.
Story image
Cloud Security
Aqua Security createa unified scanner for cloud native security
“By integrating more cloud native scanning targets into Trivy, such as Kubernetes, we are simplifying cloud native security."
Story image
Accenture - a collective security approach a driving factor for cyber resilience
With the approaching Davos World Economic Forum upon us, it is even more imperative to discuss the impact of cybersecurity on business operations leading into the future.
Story image
Vishing attacks reach all time high - Agari and PhishLabs
"Hybrid vishing campaigns continue to generate stunning numbers, representing 26.1% of total share in volume so far in 2022."
Story image
Let’s clear the cloud visibility haze with app awareness
Increasingly, organisations are heading for the cloud, initiating new born-in-the-cloud architectures and migrating existing applications via ‘lift and shift’ or refactoring.
Story image
Ponemon Institute
Email revealed to be riskiest channel for data loss
More than half (60%) of organisations experienced data loss or exfiltration caused by an employee mistake on email in the last 12 months.
Story image
More than 40% of banks worried about cloud security - report
Publicis Sapient's new report finds security and the lack of cloud skills and internal understanding of business benefits are big obstacles for banks moving to the cloud.
Story image
Vectra AI
Understanding the weight on security leader’s shoulders, and how to shift it
Millions of dollars of government funding and internal budgets are being funnelled into cybersecurity to build resilience against sophisticated threats, indicating how serious this issue has become.
Story image
Elevation of Privilege the top 2021 Microsoft vulnerability
BeyondTrust has released its 2022 Microsoft Vulnerabilities Report, finding that Elevation of Privilege is the top vulnerability category for the second consecutive year.
Story image
New Relic
New Relic launches vulnerability management platform
New Relic has introduced New Relic Vulnerability Management to help organisations find and address security risks faster and with greater precision.
Story image
Identity and Access Management
The post-pandemic workforce requires secure IAM capabilities
HID Global discusses what identity and access management means for organisations in today's convoluted digital world.
Story image
New vulnerabilities found in Nuspire’s Q1 2022 Threat Report
“Threat actors are quickly adjusting their tactics and these exploits tend to get industry attention, but the threat posed by older and attacks still persists."
Story image
BYOD / Bring Your Own Device
How zero trust can lead the battle against ransomware
SecOps teams champion a zero trust strategy to support the fight against the escalating risk of cybercrime and help monitor threat actors across a network.
Story image
'Alarming' rise in ransomware threats - Verizon report
As criminals look to leverage increasingly sophisticated forms of malware, it is ransomware that continues to prove particularly successful.
Story image
Global cybersecurity insurance market worth $11.5b this year
Future Market Insights finds the cybersecurity insurance market is expected to reach USD$11.5 billion in 2022, growing to $61.2 billion in 10 years.
Story image
Cyber attacks
Devastating cyber attacks expected to hit energy sector
Energy executives anticipate life, property, and environment-compromising cyber attacks on the sector within the next two years.
Story image
APAC ranks third-highest region targeted by ransomware
Asia Pacific has ranked the third-highest region globally to be targeted by ransomware, according to cybersecurity firm Group-IB.
Story image
WhatsApp and QR codes the next scam threat - report
KnowBe4 has warned it expects to see an increase in QR Codes and the WhatsApp chat platform being used for phishing and other scams. 
Story image
Infosec unveils role-guided cybersecurity training roadmaps
Infosec Skills Roles maps hands-on training and certifications to the 12 most in-demand cybersecurity roles to maximise training efficiency.
Story image
Artificial Intelligence
Gartner reveals top three tech trends for banks this year
Gartner says generative artificial intelligence, autonomic systems and privacy-enhancing computation are gaining traction in banking and investment services.
Story image
i-PRO releases smallest AI-based surveillance camera on the market
The new i-PRO mini network camera is now available, with a pocket-sized form factor and full AI analytics functionality.
Story image
Check Point
Check Point and CCTV expert join forces to boost protection
The partnership will involve Check Point Quantum IoT Protect Nano Agent being embedded in Provision-ISR’s CCTV cameras for on-device runtime protection.
Story image
Cybersecurity prompts upgrade for 1.3 billion electricity meters
ABI Research finds Advanced Metering Infrastructure (AMI) and cybersecurity concerns are prompting the upgrade of 1.3 billion electricity meters by 2027.
Story image
Remote Working
Australia’s remote workers face connectivity and security issues
SOTI's new report finds better video conferencing technology and improved security measures are top concerns for remote workers in Australia.
Story image
Noname Security partners with Netpoleon to target API issues
Specialist API security firm Noname Security has appointed Netpoleon as its distributor in Australia and New Zealand.
Story image
Managed service provider
Barracuda MSP Day 2022 highlights MSP opportunities
Barracuda Networks has released a report showing global services-related MSP revenue is set to increase by more than a third in 2022 compared to 2021.
Story image
Silver Peak
The path to an adaptive, modern network
Managing and securing the network looks different than it did just two years ago—especially given that most of these networks are made up of multi-generations of infrastructure stitched together over time.