Hackers are at it again. In late June, Ticketmaster announced that several of its sites had been compromised. Recent research reveals that this breach was only a small part of a massive credit card-skimming hack.
Here’s what you need to know about the Ticketmaster breach:
Sites like Ticketmaster often rely on a third-party code that is hosted on other sites to support their own payment systems. If this code is breached on its host site, every site that uses the code will be compromised.
That’s what happened with Ticketmaster. Several Ticketmaster websites ran code from Inbenta, a customer support software company. When Inbenta was hacked, the sensitive information of these customers was compromised.
Inbenta claimed only these Ticketmaster customers had been affected by the hack. However, cybersecurity firm RiskIQ has found that some of Ticketmaster’s global sites – including its U.S. site – were running code from SocialPlus, another third-party company that had been compromised by the same group that hacked Inbenta.
RiskIQ has stated that more than 800 international e-commerce sites have been compromised in this hack. That’s because any website that relied on code hosted on Inbenta or SocialPlus was also compromised.
To execute the hack, scammers changed the code on the host sites to skim the credit card information being entered at checkout on the e-commerce sites.
RiskIQ identified Magecart as the hacking group behind the attacks. This group has been active since December 2016, and RiskIQ has been tracking them for nearly as long.
According to a threat researcher at RiskIQ, this breach has a larger impact than any other credit card breach to date. The cybersecurity firm disclosed that close to 100 top-tier sites have been breached.
What should I do if my information has been compromised?
- Place a fraud alert on your credit accounts. This will warn creditors that you may have been victimized by identity theft.
- Consider a credit freeze. This will make it impossible for a hacker to open new credit in your name.
- Alert the Federal Trade Commission. Let the FTC know you’ve been hacked at ftc.gov.
- Tell your credit union or bank. They should help you determine your next step and guide you until your credit has been cleared.
- Dispute fraudulent charges. If you find any suspicious charges on your credit account, dispute them immediately.
Scammers never take a break. Make sure you know what to do if your information has been hacked.