Ticketmaster Announces Data Breach Affecting 5% of All Users

Ticketing service Ticketmaster announced a data breach incident today that affected roughly 5% of its entire customer base, and has resulted in the theft of customer data, Ticketmaster login information, and payment details.

The breach didn't occur at Ticketmaster itself, but at Inbenta, a provider of AI-powered live chat widgets, which Ticketmaster was deploying on some of its localized sites across the world.

The ticketing service says that on Saturday, June 23, it detected that this live chat widget was being used to deliver malicious software to Ticketmaster users. The malicious software was logging and exfiltrating customer details.

North American users not affected

The company said that not all site visitors are affected, as not all users logged into the site or made purchases.

The malicious data collection appears to have impacted only international users. North American users are not affected, Ticketmaster said.

International users who purchased, or attempted to purchase, tickets between September 2017 and June 23, 2018, are affected.

UK users are also affected but to a lesser degree. Ticketmaster says the malicious data collection impacted its UK website only between February and June 23, 2018.

Ticketmaster is still investigating the incident. Nonetheless, the company has sent out emails to users who it believes were impacted and had their personal data collected. A copy of the email is available below.

Ticketmaster UK announces it's suffered a data breach due to malware in a third-party software product from Inbenta. Personal and payment info may have been compromised. pic.twitter.com/i6PJUFEsSv

— Martin Bryant (@MartinSFP) June 27, 2018

According to the ticketing service, the intruder used malicious code delivered through the Inbenta live chat widget to collect data such as names, addresses, email addresses, telephone numbers, payment details, and Ticketmaster login details.

Ticketmaster says it disabled the Inbenta widget on all of its sites on Saturday, after discovering the breach. The company has published a website for its UK users with information on how customers can request free 12 month identity monitoring services.

Inbenta has not answered a request for comment from Bleeping Computer at the time of publishing. Bleeping Computer has inquired if the security incident might have affected some of Inbenta's other customers. The company lists on its websites clients such as Groupon, Change.org, Schlage, and Ticketbis.

Past incidents involving live chat providers

This is not the first time when a live chat widget provider has faced problems. Earlier this year, in April, Sears, Delta Airlines, and Best Buy announced data breaches after an attacker compromised the infrastructure of live chat widget provider [24]7.ai.

Also in April, PaneraBread exposed the card details of millions of customers after ignoring a security researcher's warnings for more than eight months.

In February, a massive cryptojacking campaign spread to thousands of sites via the BrowsAloud live chat provider, including many US and UK government sites.

On Thanksgiving last year, the infrastructure of LiveHelpNow was compromised by a hacker who deployed a copy of the Coinhive in-browser mining script on around 1,500 sites where the widget was being loaded to provide live support capabilities.

In addition, security researchers found that some live chat services provided by LiveChat and TouchCommerce also leaked the details of tech support personnel, potentially exposing the employes and their companies to more effective spear-phishing campaigns.