Skip to main content

Ticketmaster security breach - the industry speaks

Ticketmaster has revealed it has suffered a major security breach after being hit in a cyber-attack last night. Thousands of UK customers may be affected by the breach, which was reportedly caused by malicious software on third-party customer support product Inbenta Technologies.

We spoke to some of the security industry’s leading minds to find out their opinions on the attack.

Allen Scott, consumer EMEA director, McAfee:

“Like so many businesses who fall victim to data breaches, Ticketmaster has been slow to respond and put right this wrong. To win the battle against online fraud, we need businesses to join forces and support one another in identifying and responding to security threats.

For any Ticketmaster customers concerned about the security of their personal information, there’s a few simple steps they should take immediately. Firstly, they should change their passwords straight away. We know it’s hard to remember all your passwords but using a password generator and manager can help solve this problem and ensure you don’t become an easy target.

Do not click on any links or open attachments you receive via email from Ticketmaster. Hackers will be eager to ride this wave by targeting customers with phishing emails. Clicking on links or attachments in these emails can lead to your devices becoming infected with malicious malware that enables hackers to get their hands on your personal and financial information. If you’re worried you may have fallen victim, search for Ticketmaster online and get in contact directly; don’t wait for Ticketmaster to come to you.

Finally, if you notice suspicious activity in your bank statements, contact your bank straight away to request a new card and highlight the fraudulent activity.”

Jake Moore, security specialist, ESET:

"When it comes to cyber security there is no silver bullet. You can never place all your confidence into one prevention method and relax. Cyber attacks aren’t a possibility, they are an eventuality. You will never have enough people, systems or money to prevent or detect an attack. 

In this latest attack it would be absolutely necessary to change your Ticketmaster password and any others that are the same in other accounts. At this stage it may not be known the extent to what has been taken which could be personal and payment information." 

Chris O’Brien, director intelligence operations, EclecticIQ:

“The news that the Ticketmaster breach was down to issues with a third-party supplier is worrying, but unfortunately no longer rare. The flexibility offered by the modern business landscape has led to the use of third parties becoming prolific. However, while these working relationships may be beneficial for those involved, the threat of external suppliers in the supply chain being compromised is increasing. 

We are moving towards a world where the suppliers who provide detailed security implementations and can demonstrate practical implementation of security standards will be in a better position than their competitors. Ensuring there isn’t a weak link in a supply chain is fundamental, but simply having an accreditation will soon not be enough to build trust between third parties and their partners. With the constantly evolving threat landscape making it difficult for organisation to know what to protect themselves against, it’s more important than ever that businesses and their suppliers work collaboratively in order to stand a chance of getting one step ahead of the bad guys.”

Sarah Armstrong-Smith, head continuity & resilience, Fujitsu UK & Ireland:

“What is clear from this latest attack is that every organisation, be it public or private, small or large, is vulnerable to an attack. Although there is no denying that organisational awareness is on the rise, those behind breaches are finding new and creative ways to bring an organisation to its knees.  

As attackers always have the initiative, even the best-run company could suffer from a hack or data theft. With GDPR in full force, companies need to be aware of all the channels cyber criminals can use to infiltrate the company and steal data, and take proactive steps to safeguard it. The ripple effects of an attack no longer stay within the four walls of an organisation, and businesses of all sizes must remain on the front foot to proactively identify and manage threats instead of waiting for breaches to happen.

After all, cybercrime is not a probability, it is an inevitability. It will be the way in which organisations prepares for it, however, that can make all the difference.”

Adenike Cosgrove, cybersecurity strategist, EMEA, Proofpoint

“The recent data breach at Ticketmaster marks one of the first major international breaches of EU personal data reported after the GDPR enforcement date, making this a case to watch with regard to consequences. Questions will be asked first and foremost about how sensitive personal data including payment information was shared, unencrypted, with a third party application.

This breach underscores why enterprise security teams must have clear visibility into the third-party applications running within their environments and appropriately secure them as more and more organisations rely on cloud-based solutions to conduct operations worldwide. Best practice calls for organisations to deploy a Cloud Access Security Broker (CASB) solution that combines user-specific risk indicators with cross-channel threat intelligence to analyse user behaviour and detect anomalies in third-party apps. Without this, organisations simply don’t know when users and corporate data are at risk. 

Organisations are at their weakest post-breach when it comes to fraud. As we saw with Equifax, hackers almost immediately distributed phishing attempts to try and capitalise on the incident. Users affected by this breach should be extremely vigilant in confirming the source of all emails that are sent to their email inbox; they should also change their password directly through Ticketmaster’s website, and sign up for the credit monitoring service that Ticketmaster has offered.”

Paul Cant, VP EMEA, BMC Software:

“Another day, another breach! It has been some time since we’ve seen a series of big names in the cyber security firing line, but with the number of multi-cloud environments and IoT devices continuing to rise, we are going to see more and more. Although we know there are many risk vectors, organisations have to be sure they are secured. With GDPR penalties looming large, organisations simply cannot afford to leave cybersecurity as an afterthought. 

Only by relentlessly examining internal processes can companies discover how their systems storing data are configured, how they’re connected, where any vulnerabilities sit – including through third party software and services - and then piece together a plan to remediate those vulnerabilities and correct them – keeping the personal data of their customers secure.”

Rodney Joffe, SVP and Fellow, Neustar:

“With another organisation falling victim to the threat of hackers, this latest security breach is a further reminder that strategies must be put in place to proactively manage cyber-attacks.

Increasingly, attackers are finding new and innovative ways to breach web perimeters – from web application and DDoS attacks to ransomware. Installing a Web Application Firewall (WAF) is crucial for preventing third parties like these from accessing a website and stealing customers’ sensitive and personal information. And with legislation such as GDPR in play, it is as important as ever that a unified 24/7 Security Operation Centre, including a user interface with real-time monitoring and reporting, is already in place.

Cyber-danger is real and, in times like these, it is critical that security is kept at the heart of all operations.”



Source: TechRadar

Popular posts from this blog

The hidden cost of food delivery

Noah Lichtenstein Contributor Share on Twitter Noah Lichtenstein is the founder and managing partner of Crossover , a diversified private technology fund backed by institutional investors, technology execs and professional athletes and entertainers. More posts by this contributor What Studying Students Teaches Us About Great Apps I’ll admit it: When it comes to food, I’m lazy. There are dozens of great dining options within a few blocks of my home, yet I still end up ordering food through delivery apps four or five times per week. With the growing coronavirus pandemic closing restaurants and consumers self-isolating, it is likely we will see a spike in food delivery much like the 20% jump China reported during the peak of its crisis. With the food delivery sector rocketing toward a projected $365 billion by the end of the decade, I’m clearly not the only one turning to delivery apps even before the pandemic hit. Thanks to technology (and VC funding) we can get a ri

Technics EAH-AZ60 review: Contending in stunning fashion

Technics serves notice that everyone should notice these earbuds. Technics ventured into the wireless earbuds category to go after the big dogs in the race. Think of the likes of Sony, Bose, and Sennheiser on sound quality, as well as the best you can find on design and functionality. It's a combination that comes at a price, but if done right, it gets easier to justify spending more. That's the case Technics makes with its EAH-Z60 earbuds. Its newest pair aims to take what the company has done in the past and make it even better. The results are easy to like and are significant enough to consider them as serious contenders. Technics EAH-AZ60 review: Price and availability What's good What's not good The competition Should you buy? At a glance Technics EAH-AZ60 Bottom line: Technics didn't just do one thing right with the EAH-AZ60. It covered almost the whole gamut of what makes wireless earbuds feel and sound exceptional. As a result, the p

iOS 14 Favorites Widget: How to Make a Replacement With Shortcuts

In iOS 14 , Apple overhauled widgets and introduced an option for adding ‌widgets‌ to the Home Screen , but in the process, a well-loved Favorites widget that existed in iOS 13 was removed. The Favorites widget let users set certain contacts and contact methods as favorites that were easily accessible, so you could, for example, add a favorite option for messaging Eric or calling Dan, with those actions executed with a tap. Why the Favorites widget was removed is a mystery and it could be a simple oversight with Apple planning to reintroduce it later, but for now, those who relied on the widget can recreate its functionality with Shortcuts. It takes some effort, but it may be worth the time investment if you often relied on your Favorites. Creating a Favorites Shortcut Making a shortcut that replicates the behavior of the Favorites widget isn't too tough, but if you want multiple favorite options, you'll need to create a separate shortcut for each one in the Shortcuts

Top Stories: Apple Event Preview, iPad Pro With M4 Chip Rumor, New Beats Headphones, and More

It's been a long time since the last one, but an Apple event is finally right around the corner! While it's anticipated to be a fairly short pre-recorded affair, we're expecting to see the first updates to the iPad lineup in over a year and half, so make sure to tune in to see what Apple has in store. Other news and rumors this week included a couple of product introductions from Apple's Beats brand, a roundup of rumors about updates to Apple's stock apps coming in iOS 18, and more changes to Apple's policies in the EU related to the Digital Markets Act, so read on below for all the details! What to Expect From the May 7 Apple Event Apple's first event of 2024 kicks off on Tuesday, May 7, at 7 a.m. Pacific Time, and we've put together our usual pre-event guide outlining what we're expecting to see on Tuesday. Several new products are expected to be unveiled, including two new iPad Pro models, two new iPad Air models, an updated Apple Pencil,