A security breach at Ticketmaster brought on by malicious code from a third-party software company called Inbenta that had been compromised by a group called Magecart could affect many more retailers than originally thought, prompting concerns about a “wider, massive credit card skimming operation” according to security firm RiskIQ published in ZDNet.

“The Magecart problem extends to e-commerce sites well beyond Ticketmaster, and we believe it’s cause for far greater concern,” according to a report from RiskIQ’s Yonathan Klijnsma and Jordan Herman. “We’ve identified over 800 victim websites from Magecart’s main campaigns making it likely bigger than any other credit card breach to date.”

See Tickets 300×250

The report identified Magecart as a “threat group” and accused it of using “scripts injected into websites to steal data that’s entered into online payment forms on e-commerce sites.” In this case, the target for Magecart actors was payment details entered into forms on Ticketmaster’s website.

Magecart was introduced into the TM framework by Silicon Valley-based tech firm Inbenta which powers some of the ticketer’s chat features and customer support tools. On June 28, Inbenta chief executive Jordi Torras confirmed that “a single piece of JavaScript code, that was customized by Inbenta to meet Ticketmaster’s particular requirements,” was sending payment info to an unknown third-party on customers who were buying tickets.

Torras said the incident was confined to Ticketmaster, but RiskIQ affects more retailers than original estimates, adding that code hosted by social analysis company SociaPlus had also been breached with code to change to skim the credit cards entered at the checkout.

RiskIQ said its own proprietary threat identification software found four third-party code suppliers had been hacked by Magecart with many still hit by malicious code. In total the code is believed to be present on hundreds of sites, including more than 100 top retailers.

All of the code libraries, served on a countless number of websites, were skimming data from those sites and sending them to a central Magecart-controlled server.

“Personally I don’t trust a single online store anymore,” report co-author Klijnsma said. “Every single one of them could have their supply chain of functionality suppliers compromised.”

Dave Brooks
Follow Me

Dave Brooks

Founder & Executive Editor at Amplify Media
Dave Brooks has over 15 years experience as a writer, including eight years as the Managing Editor of Venues Today. He started Amplify in 2014 to give the industry its own voice and turn up the volume on live entertainment.
Dave Brooks
Follow Me

600×900 See Tickets Bank