Ticketmaster is a popular American ticket sale and distributor company that sells tickets of different events around the world, mostly in US. Recently Ticketmaster has suffered a huge data breach in which customer’s information and payment information are breached due to external third party.
The company has blamed a third-party support customer service chat application, made by Inbenta Technologies, an artificial intelligence tech supplier used to help major websites to interact with their customers.
Ticketmaster said in a statement on site that they discovered a malicious software that extracts the personal and payment information of the customers. According to their estimate more than 40,000 UK customers are affected in the breach. They have made the website for the queries and support of the affected customers and offered them 12 month free identity monitoring service. Information that may have been compromised includes names, addresses, email addresses, telephone numbers, payment details and Ticketmaster login details.
Ticketmaster disabled the Inbenta product across all of its websites as soon as it recognized the malicious code.
However, Inbenta Technologies turned away blame back to Ticketmaster, saying that the ticketing service deployed the chat application improperly on its website and upon further investigation Inbenta concluded that there was a java script that they didn’t implemented and Ticketmaster implemented on their own improperly and that script allowed the attackers to extract the information. They presented the vulnerability to the attackers. Inbenta chief executive Jordi Torras declared this in the statement on the site.
His word were
“This code is not part of any of Inbenta’s products or present in any of our other implementations. Ticketmaster directly applied the script to its payments page, without notifying our team.”
On the other hand Ticketmaster is blaming Inbenta for the breach. However, both parties has denied the responsibility of attack. The affected users are recommended to change their bank credentials along with the login details.