Skip to main content

Ticketmaster security breach - the industry speaks

Ticketmaster has revealed it has suffered a major security breach after being hit in a cyber-attack last night. Thousands of UK customers may be affected by the breach, which was reportedly caused by malicious software on third-party customer support product Inbenta Technologies.

We spoke to some of the security industry’s leading minds to find out their opinions on the attack.

Allen Scott, consumer EMEA director, McAfee:

“Like so many businesses who fall victim to data breaches, Ticketmaster has been slow to respond and put right this wrong. To win the battle against online fraud, we need businesses to join forces and support one another in identifying and responding to security threats.

For any Ticketmaster customers concerned about the security of their personal information, there’s a few simple steps they should take immediately. Firstly, they should change their passwords straight away. We know it’s hard to remember all your passwords but using a password generator and manager can help solve this problem and ensure you don’t become an easy target.

Do not click on any links or open attachments you receive via email from Ticketmaster. Hackers will be eager to ride this wave by targeting customers with phishing emails. Clicking on links or attachments in these emails can lead to your devices becoming infected with malicious malware that enables hackers to get their hands on your personal and financial information. If you’re worried you may have fallen victim, search for Ticketmaster online and get in contact directly; don’t wait for Ticketmaster to come to you.

Finally, if you notice suspicious activity in your bank statements, contact your bank straight away to request a new card and highlight the fraudulent activity.”

Jake Moore, security specialist, ESET:

"When it comes to cyber security there is no silver bullet. You can never place all your confidence into one prevention method and relax. Cyber attacks aren’t a possibility, they are an eventuality. You will never have enough people, systems or money to prevent or detect an attack. 

In this latest attack it would be absolutely necessary to change your Ticketmaster password and any others that are the same in other accounts. At this stage it may not be known the extent to what has been taken which could be personal and payment information." 

Chris O’Brien, director intelligence operations, EclecticIQ:

“The news that the Ticketmaster breach was down to issues with a third-party supplier is worrying, but unfortunately no longer rare. The flexibility offered by the modern business landscape has led to the use of third parties becoming prolific. However, while these working relationships may be beneficial for those involved, the threat of external suppliers in the supply chain being compromised is increasing. 

We are moving towards a world where the suppliers who provide detailed security implementations and can demonstrate practical implementation of security standards will be in a better position than their competitors. Ensuring there isn’t a weak link in a supply chain is fundamental, but simply having an accreditation will soon not be enough to build trust between third parties and their partners. With the constantly evolving threat landscape making it difficult for organisation to know what to protect themselves against, it’s more important than ever that businesses and their suppliers work collaboratively in order to stand a chance of getting one step ahead of the bad guys.”

Sarah Armstrong-Smith, head continuity & resilience, Fujitsu UK & Ireland:

“What is clear from this latest attack is that every organisation, be it public or private, small or large, is vulnerable to an attack. Although there is no denying that organisational awareness is on the rise, those behind breaches are finding new and creative ways to bring an organisation to its knees.  

As attackers always have the initiative, even the best-run company could suffer from a hack or data theft. With GDPR in full force, companies need to be aware of all the channels cyber criminals can use to infiltrate the company and steal data, and take proactive steps to safeguard it. The ripple effects of an attack no longer stay within the four walls of an organisation, and businesses of all sizes must remain on the front foot to proactively identify and manage threats instead of waiting for breaches to happen.

After all, cybercrime is not a probability, it is an inevitability. It will be the way in which organisations prepares for it, however, that can make all the difference.”

Adenike Cosgrove, cybersecurity strategist, EMEA, Proofpoint

“The recent data breach at Ticketmaster marks one of the first major international breaches of EU personal data reported after the GDPR enforcement date, making this a case to watch with regard to consequences. Questions will be asked first and foremost about how sensitive personal data including payment information was shared, unencrypted, with a third party application.

This breach underscores why enterprise security teams must have clear visibility into the third-party applications running within their environments and appropriately secure them as more and more organisations rely on cloud-based solutions to conduct operations worldwide. Best practice calls for organisations to deploy a Cloud Access Security Broker (CASB) solution that combines user-specific risk indicators with cross-channel threat intelligence to analyse user behaviour and detect anomalies in third-party apps. Without this, organisations simply don’t know when users and corporate data are at risk. 

Organisations are at their weakest post-breach when it comes to fraud. As we saw with Equifax, hackers almost immediately distributed phishing attempts to try and capitalise on the incident. Users affected by this breach should be extremely vigilant in confirming the source of all emails that are sent to their email inbox; they should also change their password directly through Ticketmaster’s website, and sign up for the credit monitoring service that Ticketmaster has offered.”

Paul Cant, VP EMEA, BMC Software:

“Another day, another breach! It has been some time since we’ve seen a series of big names in the cyber security firing line, but with the number of multi-cloud environments and IoT devices continuing to rise, we are going to see more and more. Although we know there are many risk vectors, organisations have to be sure they are secured. With GDPR penalties looming large, organisations simply cannot afford to leave cybersecurity as an afterthought. 

Only by relentlessly examining internal processes can companies discover how their systems storing data are configured, how they’re connected, where any vulnerabilities sit – including through third party software and services - and then piece together a plan to remediate those vulnerabilities and correct them – keeping the personal data of their customers secure.”

Rodney Joffe, SVP and Fellow, Neustar:

“With another organisation falling victim to the threat of hackers, this latest security breach is a further reminder that strategies must be put in place to proactively manage cyber-attacks.

Increasingly, attackers are finding new and innovative ways to breach web perimeters – from web application and DDoS attacks to ransomware. Installing a Web Application Firewall (WAF) is crucial for preventing third parties like these from accessing a website and stealing customers’ sensitive and personal information. And with legislation such as GDPR in play, it is as important as ever that a unified 24/7 Security Operation Centre, including a user interface with real-time monitoring and reporting, is already in place.

Cyber-danger is real and, in times like these, it is critical that security is kept at the heart of all operations.”

Source: TechRadar

Popular posts from this blog

Uber Eats exits seven markets, transfers one as part of competitive retooling

Uber Eats is pulling out of a clutch of markets — shuttering its on-demand food offering in the Czech Republic, Egypt, Honduras, Romania, Saudi Arabia, Uruguay and Ukraine. It’s also transferring its Uber Eats business operations in the United Arab Emirates (UAE) to Careem, its wholly owned ride-hailing subsidiary that’s mostly focused on the Middle East. “Consumers and restaurants using the Uber Eats app in the UAE will be transitioned to the Careem platform in the coming weeks, after which the Uber Eats app will no longer be available,” it writes in a regulatory filing detailing the operational shifts. “These decisions were made as part of the Company’s ongoing strategy to be in first or second position in all Eats markets by leaning into investment in some countries while exiting others,” the filing adds. An Uber spokesman said the changes are not related to the coronavirus pandemic but rather related to an ongoing “strategy of record” for the company to hold a first or s

Keep your Oculus Quest controllers going strong with these batteries

The Touch Controllers for the Oculus Quest 2 ship with one disposable AA battery each, but once those run out of juice, you should invest in the best Oculus Quest 2 replacement batteries to fill in for them. While the Touch Controllers last much longer than the headset's limited battery, it's still wise to invest in some rechargeable batteries or a stack of disposable batteries to stop your VR sessions from getting disrupted. Here are the batteries and chargers we recommend for your Oculus Touch controllers. Best rechargable batteries + charger Panasonic K-KJ55MCA4BA 3 Hour Quick Charger with 4 AA eneloop Rechargeable Batteries Staff Pick These rechargeable batteries store up to 2,000 mAh of power and can be recharged up to 2,100 times. They can be charged completely from dead or partially charged without damaging the energy storage memory. We recommend buying them with the quick charger accessory, which will get your AAs recharged in no time, but you can also purchas

These Android games support Bluetooth controllers and they're better for it

Gaming is simply better with a controller in your hands. Gaming on Android typically requires you to settle for using touchscreen controls. However, some gracious game developers take the time and effort to add support for Bluetooth gamepads— and we love them for it. Since so few games provide this feature, we've taken the time to test and compiled our list of the best games that let you play with the best Bluetooth controller in your hands. We'd also recommend getting a Style Ring or PopSocket which can help prop your phone up at a good angle for gaming. You might recognize some of these games from the best Android games roundup and for good reason. But you're here for the best games with controller support, after all, so here I present to you the best you can find on the Play Store. The games Call of Duty Mobile GRID Autosport Tesla vs Lovecraft Evoland 2 Horizon Chase World Tour Riptide GP: Renegade Modern Combat 5: Blackout GTA: San Andreas Oceanhor

What ancient advice can teach us about AI

Artificial Intelligence (AI) is everywhere. Siri, Alexa and Google Assistant have become indispensable to millions of users. Tesla Autopilot has the potential to change driving forever. And IBM Watson took a new job providing big data solutions to corporations after its first job was in jeopardy. Those are just the most prominent examples. Helpful applications of AI are being deployed in a broad spectrum of industries, but AI also has the potential to be misused. About the author  Jason Egnal is Chief Marketing Officer at Zenfolio . His background spans a variety of industries, including SaaS, AI, Fintech and Consumer Electronics.  Zenfolio, the website builder and photo sharing site , recently introduced technology that applies AI to assist photographers in selecting the best photos from the thousands of shots typically taken during a photo session. The advanced image recognition technology is tremendously powerful and can make photographers more efficient than they ever d