Skip to main content

Ticketmaster security breach - the industry speaks

Ticketmaster has revealed it has suffered a major security breach after being hit in a cyber-attack last night. Thousands of UK customers may be affected by the breach, which was reportedly caused by malicious software on third-party customer support product Inbenta Technologies.

We spoke to some of the security industry’s leading minds to find out their opinions on the attack.

Allen Scott, consumer EMEA director, McAfee:

“Like so many businesses who fall victim to data breaches, Ticketmaster has been slow to respond and put right this wrong. To win the battle against online fraud, we need businesses to join forces and support one another in identifying and responding to security threats.

For any Ticketmaster customers concerned about the security of their personal information, there’s a few simple steps they should take immediately. Firstly, they should change their passwords straight away. We know it’s hard to remember all your passwords but using a password generator and manager can help solve this problem and ensure you don’t become an easy target.

Do not click on any links or open attachments you receive via email from Ticketmaster. Hackers will be eager to ride this wave by targeting customers with phishing emails. Clicking on links or attachments in these emails can lead to your devices becoming infected with malicious malware that enables hackers to get their hands on your personal and financial information. If you’re worried you may have fallen victim, search for Ticketmaster online and get in contact directly; don’t wait for Ticketmaster to come to you.

Finally, if you notice suspicious activity in your bank statements, contact your bank straight away to request a new card and highlight the fraudulent activity.”

Jake Moore, security specialist, ESET:

"When it comes to cyber security there is no silver bullet. You can never place all your confidence into one prevention method and relax. Cyber attacks aren’t a possibility, they are an eventuality. You will never have enough people, systems or money to prevent or detect an attack. 

In this latest attack it would be absolutely necessary to change your Ticketmaster password and any others that are the same in other accounts. At this stage it may not be known the extent to what has been taken which could be personal and payment information." 

Chris O’Brien, director intelligence operations, EclecticIQ:

“The news that the Ticketmaster breach was down to issues with a third-party supplier is worrying, but unfortunately no longer rare. The flexibility offered by the modern business landscape has led to the use of third parties becoming prolific. However, while these working relationships may be beneficial for those involved, the threat of external suppliers in the supply chain being compromised is increasing. 

We are moving towards a world where the suppliers who provide detailed security implementations and can demonstrate practical implementation of security standards will be in a better position than their competitors. Ensuring there isn’t a weak link in a supply chain is fundamental, but simply having an accreditation will soon not be enough to build trust between third parties and their partners. With the constantly evolving threat landscape making it difficult for organisation to know what to protect themselves against, it’s more important than ever that businesses and their suppliers work collaboratively in order to stand a chance of getting one step ahead of the bad guys.”

Sarah Armstrong-Smith, head continuity & resilience, Fujitsu UK & Ireland:

“What is clear from this latest attack is that every organisation, be it public or private, small or large, is vulnerable to an attack. Although there is no denying that organisational awareness is on the rise, those behind breaches are finding new and creative ways to bring an organisation to its knees.  

As attackers always have the initiative, even the best-run company could suffer from a hack or data theft. With GDPR in full force, companies need to be aware of all the channels cyber criminals can use to infiltrate the company and steal data, and take proactive steps to safeguard it. The ripple effects of an attack no longer stay within the four walls of an organisation, and businesses of all sizes must remain on the front foot to proactively identify and manage threats instead of waiting for breaches to happen.

After all, cybercrime is not a probability, it is an inevitability. It will be the way in which organisations prepares for it, however, that can make all the difference.”

Adenike Cosgrove, cybersecurity strategist, EMEA, Proofpoint

“The recent data breach at Ticketmaster marks one of the first major international breaches of EU personal data reported after the GDPR enforcement date, making this a case to watch with regard to consequences. Questions will be asked first and foremost about how sensitive personal data including payment information was shared, unencrypted, with a third party application.

This breach underscores why enterprise security teams must have clear visibility into the third-party applications running within their environments and appropriately secure them as more and more organisations rely on cloud-based solutions to conduct operations worldwide. Best practice calls for organisations to deploy a Cloud Access Security Broker (CASB) solution that combines user-specific risk indicators with cross-channel threat intelligence to analyse user behaviour and detect anomalies in third-party apps. Without this, organisations simply don’t know when users and corporate data are at risk. 

Organisations are at their weakest post-breach when it comes to fraud. As we saw with Equifax, hackers almost immediately distributed phishing attempts to try and capitalise on the incident. Users affected by this breach should be extremely vigilant in confirming the source of all emails that are sent to their email inbox; they should also change their password directly through Ticketmaster’s website, and sign up for the credit monitoring service that Ticketmaster has offered.”

Paul Cant, VP EMEA, BMC Software:

“Another day, another breach! It has been some time since we’ve seen a series of big names in the cyber security firing line, but with the number of multi-cloud environments and IoT devices continuing to rise, we are going to see more and more. Although we know there are many risk vectors, organisations have to be sure they are secured. With GDPR penalties looming large, organisations simply cannot afford to leave cybersecurity as an afterthought. 

Only by relentlessly examining internal processes can companies discover how their systems storing data are configured, how they’re connected, where any vulnerabilities sit – including through third party software and services - and then piece together a plan to remediate those vulnerabilities and correct them – keeping the personal data of their customers secure.”

Rodney Joffe, SVP and Fellow, Neustar:

“With another organisation falling victim to the threat of hackers, this latest security breach is a further reminder that strategies must be put in place to proactively manage cyber-attacks.

Increasingly, attackers are finding new and innovative ways to breach web perimeters – from web application and DDoS attacks to ransomware. Installing a Web Application Firewall (WAF) is crucial for preventing third parties like these from accessing a website and stealing customers’ sensitive and personal information. And with legislation such as GDPR in play, it is as important as ever that a unified 24/7 Security Operation Centre, including a user interface with real-time monitoring and reporting, is already in place.

Cyber-danger is real and, in times like these, it is critical that security is kept at the heart of all operations.”

Source: TechRadar

Popular posts from this blog

iPhone 14 Color Options: Which Color Should You Choose?

The iPhone 14 models are available in a range of color options, with entirely new hues available on both sets of devices, as well as some popular classics. The ‌iPhone 14‌ and iPhone 14 Pro lineups have different colors to choose from, so if you have your heart set on a particular shade, you may not be able to get your preferred model in that color. Check out our guide on the ‌iPhone 14 Pro‌ color options for more information about those devices. The ‌iPhone 14‌ and ‌iPhone 14‌ Plus are now available in a total of six colors, four of which are new shades. Although previous standard iPhone lineup color options have tended to be bolder and brighter, in 2022, Apple chose to offer a slightly more muted color palette, with the exception of a brighter PRODUCT(RED) and Yellow. The ‌iPhone 14‌ and ‌iPhone 14‌ Plus's six available color options are: Midnight Starlight PRODUCT(RED) Blue Purple Yellow Midnight and Starlight were carried over from the iPhone 13 lineup,

New MacBook Air Rumored to Launch in April With These 5 New Features

Apple plans to release a new MacBook Air with a larger 15-inch display in April , according to display industry analyst Ross Young. The laptop is expected to be powered by the M2 chip and will likely support Wi-Fi 6E and Bluetooth 5.3. While we wait for the new MacBook Air to be announced, we have recapped five new features that have been rumored or are likely to be included. 15-Inch Display The new MacBook Air is expected to be equipped with a larger 15.5-inch display , which would be the largest ever for the laptop. The current MacBook Air has a 13.6-inch display, and the laptop was offered in an 11-inch size many years ago. While a new 13-inch MacBook Air with an OLED display is rumored to launch in 2024, the 15-inch model is expected to have a traditional LCD. M2 Chip Like the 13-inch MacBook Air, the 15-inch model will reportedly be available with the M2 chip . Apple says the M2 chip has up to an 18% faster CPU, up to a 35% faster GPU, and up to a 40% faster Neural E

T-Mobile to Acquire Ryan Reynolds' Mint Mobile Brand

U.S. carrier T-Mobile today announced that it plans to acquire Mint Mobile, the affordable smartphone brand that is promoted by and backed by actor Ryan Reynolds. Reynolds and T-Mobile CEO Mike Sievert teamed up for a video letting customers know about the coming acquisition. The deal is for Ka'ena Corporation, the parent company of Mint Mobile, Ultra Mobile, and Plum, with T-Mobile paying up to $1.35 billion, split into 39 percent cash and 61 percent stock. The final purchase price will be settled later this year after the deal closes. T-Mobile plans to continue Mint Mobile's $15 per month pricing option, which provides 4GB of high-speed 4G or 5G data along with unlimited text and talk. T-Mobile is purchasing Mint Mobile's sales, marketing, digital, and service operations, and says that it will use the T-Mobile supplier relationships and distribution scale to help Mint Mobile grow. Mint Mobile's "industry leading" marketing expertise will be incorpor

Apple's First OLED iPad: All the Rumors So Far

Apple is developing OLED technology for the iPad , and the new displays are expected to come to the iPad Pro models as soon as next year. This guide aggregates everything we know about Apple's plans for the OLED ‌iPad‌. Sizing Apple is expected to offer the first OLED iPads in sizes that are similar to the current ‌iPad Pro‌ sizes, providing one smaller 10.9 to 11.1-inch model and a larger 12.9 to 13-inch model (rumors vary slightly on target display size). In the future, OLED ‌iPad‌ models could be as large as 15 inches . Rumors suggest that Apple supplier BOE is developing OLED displays as large as 15 inches, which could be used for a larger-sized ‌iPad‌. According to Bloomberg 's Mark Gurman , Apple is considering iPads that exceed 12.9 inches, and in 2021, he claimed that larger sizes were a "couple of years down the road, but could be scrapped all together. OLED Improvements Compared to the mini-LED technology that Apple uses for the 12.9-inch ‌iPad Pro‌