Ticketmaster Hacked


#1

Seems that Ticketmaster has also been hacked affecting 40k people in the UK

Based on our investigation, we understand that only certain UK customers who purchased or attempted to purchase tickets may have been affected by the incident. As a precaution we are also notifying all Ticketmaster International customers outside the UK that they will need to reset their passwords when they next log into their accounts. Customers in North America are not affected.

I try to use Google Pay or Paypal where possible, it at least gives some protection against things like this.


#2

Yeah, I just read @MrRobot’s post about this on the “Monzo Vs Starling” thread.

Monzo vs Starling

Pretty shocking from Ticketmaster, took them two months to identify the malware despite being informed of the breach by Monzo. That’s a lot of customers that may have had their details stolen while Ticketmaster knew there had been a security incident.


#3

I find it strange that only UK customers data was stolen, when the same software was used by them worldwide.


#4

It’s not UK only, foreign customers were at risk for even longer (since September 2017). They must have introduced their outsourced support platform to the UK several months after launching it abroad.


#5

I’m only quoting what ticket master have said about it only affecting UK customers.

Which countries have been affected?
Based on our investigation, we understand that only certain UK customers who purchased or attempted to purchase tickets may have been affected by the incident. As a precaution we are also notifying all Ticketmaster International customers outside the UK that they will need to reset their passwords when they next log into their accounts. Customers in North America are not affected.


#6

That means not all UK customers, only certain ones.


#7

@daedal reading the article back I think you’re right. When they said customers in North America were unaffected, I thought that meant everywhere else was included in the breach.


#8

Here, this is what makes me think it’s not just UK:

UK customers who purchased, or attempted to purchase, tickets between February and June 23, 2018 may be affected as well as international customers who purchased, or attempted to purchase, tickets between September 2017 and June 23, 2018

.


#9

I have received an email from Ticketmaster about this breach. They think my details may have been compromised.


#10

I think they are just trying to cover their backs and released the statement quickly. The press release they sent out stated only UK customers are affected, originally they thought it was everywhere they used that software.


#11

Did this impact any starling accounts? Just wondering when starling were aware of this issue and how it was dealt with considering Monzo have known for a while. Did starling spot it too?


#12

In this case it was Ticketmaster informing customers rather than Mastercard telling the bank.

So I would assume Starling would only have noticed if there was unusual transactions on an account, with there only being about 40k customers affected, there can’t be that many Starling ones that would have been affected at all.


#13

I’m just interested because Monzo were able to spot it on such small numbers so clearly have good fraud detection in place, interested to know if starling managed to spot it too (if accounts were impacted) if they didn’t it would suggest Monzo has a more superior fraud detection system.

@LoganAllan @JamesPratley can you shed any light?


#14

Not 100% sure, but could be something to do with Monzo building it’s own processor for card payments, rather than using GPS, so I would assume they have had to write rules on how to detect fraud for the system they are creating.

But yeah be interesting to see if Starling noticed anything.


#15

I hope not. I’m still awaiting my new card from the Carphone whorehouse/Dixon’s breach. I just know it’ll turn up tomorrow when I’m out, despite being at home all week. I don’t want to go through the motions of changing my payments to use the new card, only to have to do it again


#16

Monzo’s added a blog post about what happened behind the scenes (and a handy timeline), in case you guys are interested on how this breach was identified.

Daniel Chatfield has also clarified that fraud teams work really closely between banks, and most large banks knew by end of May. I expect Starling must have reached out to any affected people (or they have realised they were affected when they got notifications) by now. Monzo has replaced a whopping 11,000 cards as a result of this.


#17

Nice to see Monzo being so proactive and open about it.

A few years ago Ticketmaster well one of their subsidiaries has an issue, since then when ever ordering tickets, I’ve always used a prepaid card or Google pay where possible.


#18

If it’s happened before you’d think they would take more precautions :disappointed_relieved: clearly can’t be trusted with users’ data!


#19

That’s happens a lot, companies being hacked more than once. In fact most major hacks have involved companies that have been targeted in the past. A big one I can think of is Talk Talk that’s up to 3 major hacks, but they still draw customers to them.

Dixons the one this year is the 2nd major hack in 5 years.


#20

I can see the ICO coming down quite heavily on repeat offenders, particularly now that GDPR is in force.