
Ticketmaster breach: How did this card skimming attack work?

The hacking group Magecart was recently found to have run a card skimming campaign that put customer information at risk. Learn how this attack worked from Nick Lewis.

RiskIQ Inc. researchers discovered that the hacking group Magecart has been running a digital credit card skimming campaign that caused a Ticketmaster breach and put customer information at risk. How did this campaign work and how is it different from other card skimming attacks?

Whether it's third-party software, third-party ad networks, cloud-related security or hardware vulnerabilities, the risk of third parties is difficult to understand and manage, and it requires more attention from enterprises. While some enterprises are getting their basic security hygiene in place at scale, the challenge of securing enterprises is constantly evolving to require more than just the basics.

RiskIQ researchers discovered that Inbenta Technologies Inc., a third-party supplier of web functionality whose software uses natural language processing to answer user questions, was compromised, allowing attackers to steal credit card information. RiskIQ reported that a hacking group -- dubbed Magecart -- was responsible.

As part of the attack that resulted in the Ticketmaster breach, Magecart compromised Inbenta and inserted malicious JavaScript into the Inbenta JavaScript code, which is used by the Ticketmaster website. The malicious JavaScript worked like a credit card skimmer or key logger, so any data submitted to the website was also sent to a drop server that was managed by the attacker, enabling Magecart to steal credit card information.

Previously, card skimming attacks copied credit card data off of physical cards during payment transactions. However, in this new attack, credit card data is submitted twice: once to the drop server controlled by Magecart and once to the Ticketmaster website.

The Ticketmaster breach may not be the only breach in this campaign, as the attack is carried by malicious code in the Inbenta software. Any customer using the Inbenta code could also be affected.

RiskIQ further detailed how several other suppliers were compromised to similar effect.

Once the credit card information is stolen, it still needs to be monetized, just as in a traditional card skimming attack, and that could involve the same methods.
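The attack described above worked because the site ran whatever the supplier's server returned. As an added example (not from the original article or from RiskIQ), the following Node.js code flags third-party scripts loaded without a Subresource Integrity attribute and checks a fetched script body against a pinned hash. The host names, HTML and script bodies are constructed for illustration.

```javascript
const crypto = require('crypto');

// Constructed sample page for a hypothetical site, shop.example.
const SAMPLE_HTML = `
<script src="/static/app.js"></script>
<script src="https://cdn.vendor.example/lib.js" integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
<script src="https://widgets.vendor.example/chat.js"></script>
<script>var inline = 1;</script>`;

// Constructed vendor script body; its hash is pinned when the script is reviewed.
const BASELINE = 'function answer(q) { return lookup(q); }\n';

// Subresource Integrity value (sha384, base64) for a script body.
function sriHash(body) {
  return 'sha384-' + crypto.createHash('sha384').update(body, 'utf8').digest('base64');
}
const PINNED = sriHash(BASELINE);

// List external scripts served from other hosts that carry no integrity attribute.
// Regex tag matching is a simplification that suits this constructed input.
function auditScripts(html, firstPartyHost) {
  const findings = [];
  const tagRe = /<script\b([^>]*)>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const src = /\bsrc\s*=\s*["']([^"']+)["']/i.exec(m[1]);
    if (!src) continue; // inline script, nothing fetched
    let host;
    try {
      host = new URL(src[1], `https://${firstPartyHost}/`).hostname;
    } catch {
      continue; // unparseable URL
    }
    if (host === firstPartyHost) continue;
    if (!/\bintegrity\s*=\s*["'][^"']+["']/i.test(m[1])) {
      findings.push({ src: src[1], host, issue: 'no integrity attribute' });
    }
  }
  return findings;
}

// True only if the fetched body still hashes to the pinned value.
function matchesPin(body, pinned) {
  return sriHash(body) === pinned;
}

console.log(auditScripts(SAMPLE_HTML, 'shop.example'));
console.log(matchesPin(BASELINE, PINNED), matchesPin(BASELINE + 'var extra = 1;\n', PINNED));
```

A pinned hash only suits supplier scripts that are versioned or change rarely; a script the supplier updates in place will fail the check on every legitimate change as well.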


This was last published in December 2018
