Ticketmaster hack is just ‘tip of the iceberg’ – who else is at risk
A high-profile hack, involving the details of British users of the Ticketmaster website, may be just the first example of a more widespread campaign, it has been claimed.
Last month Ticketmaster was forced to admit that its users’ personal and payment details may have been stolen following a cyber hack.
However, now security experts in the US have warned that this may have simply been the “tip of the iceberg”, with the methods employed by the hackers still in force on a host of other sites.
50,000 websites found to be selling counterfeit goods, Action Fraud reveals
The Ticketmaster hack
In June Ticketmaster UK announced that it had found malicious software on a section of its site , which was hosted by a third-party firm called Inbenta.
As a result, information including names, addresses, email addresses, telephone numbers, login details and payment details were all at risk of having been stolen if users had purchased tickets between February and June 23rd.
A spokesperson for Ticketmaster said: "As soon as we discovered the malicious software, we disabled the Inbenta product across all Ticketmaster websites.
"As a result of Inbenta’s product running on Ticketmaster International websites, some of our customers’ personal or payment information may have been accessed by an unknown third party.”
Financial scams – How to stay safe
But is it worse than we thought?
However, concerns have been raised that this hack is actually far more wide-reaching than it first appeared.
A report from US security experts RiskIQ has suggested that the malicious code is not simply a one-off hack, but part of a concerted card skimming effort by a threat group called Magecart, with as many as 800 e-commerce sites potentially affected.
According to RiskIQ, Magecart targets software firms that build and provide code which retailers can use on their sites to improve the experience of customers like you and me.
The trouble is that if hackers can get in and alter that code, it affects EVERY website it runs on.
So while the dodgy code on the Ticketmaster site has been identified, there are potentially hundreds of other retailers still running the code right now.
Yonathan Klijnsma, threat researcher at RiskIQ, said that while the Ticketmaster breach has received the publicity and attention, the Magecart problem extends well beyond the ticket-selling site.
He added: “We believe it’s cause for far greater concern – Magecart is bigger than any other credit card breach to date and isn’t stopping any day soon.”
All time high in tax scam sites – what’s being done about it and how you can stay safe
Protecting yourself from hack attacks
Recent years have seen a host of these hack attacks, aimed at getting hold of the personal and payment details of Brits.
Scammers can wreak havoc if they do get their hands on your details, whether by buying things online using your accounts or committing identity fraud, opening further credit accounts in your name without you knowing.
While you can’t do much to help the likes of Ticketmaster from avoiding deploying malicious code on their sites, there are steps you can take to reduce your chances of falling prey to these attacks.
The first is to be extremely cautious about which sites you choose to use when spending money online, whether it’s to buy tickets for a gig, food, clothes or whatever. Take the time to ensure that the site you are on is legitimate before you rush to enter your payment details at the checkout.
It’s also really important that you keep a close eye on your bank and credit card accounts – if something suspicious pops up, you can quickly chase it up and flag it if it is fraudulent.
It’s a lot easier to spot odd transactions if you’re regularly checking your accounts, rather than trying to go through them months down the line to remind yourself of where and when you spent some cash.
Along similar lines, it’s worth keeping an eye on your credit report – that way you can see if fraudsters have been attempting to open accounts in your name, and ensure any successful attempts are quickly closed down.
Ticketmaster has offered a free 12-month identity monitoring service to those caught up in its hack.
Source: Read Full Article