In June 2018, Ticketmaster disclosed that it had discovered unauthorized third-party access to some of its customer data. According to Ticketmaster, hackers were able to gain access to some customer information by exploiting a vulnerability in a customer support product made by Inbenta Technologies, one of Ticketmaster’s third-party technology suppliers.
What data was compromised in the Ticketmaster breach?
According to Ticketmaster’s statements, the data that was compromised in the breach included:
- Names
- Addresses
- Email addresses
- Telephone numbers
- Payment details
However, Ticketmaster has emphasized that not all customers were impacted and no payment card details were accessed. Financial details like credit card numbers are not stored on Ticketmaster’s servers so those could not have been compromised.
How many customers were affected?
Ticketmaster has said that less than 5% of its global customer base was affected by the breach. Given that Ticketmaster sells tickets for over 500 million fans globally each year, this suggests the number of impacted customers could be in the millions.
However, Ticketmaster has not provided specifics on the exact number of customers impacted. The company said that customers in North America appear to be the most affected, but customers in other markets like Europe were also impacted.
How did the breach occur?
According to Ticketmaster’s statements, here is what happened:
- Hackers exploited a vulnerability in third-party JavaScript code from Inbenta Technologies that was running on a customer support product on Ticketmaster websites.
- By injecting malicious code into Inbenta’s JavaScript running on Ticketmaster sites, the hackers were able to extract customer data that was sent to Inbenta’s servers.
- This went on undetected for several months between February and June 2018.
- After discovering the breach, Ticketmaster disabled the Inbenta product on all of its sites.
So in summary, the breach was made possible by hackers targeting a third-party supplier integrated into Ticketmaster’s websites, rather than Ticketmaster’s own systems. As soon as Ticketmaster discovered the breach, they took steps to block it.
How did Ticketmaster inform customers of the breach?
Ticketmaster began emailing affected customers on June 27, 2018 informing them that their data had been compromised. They also recommended customers change their passwords as a precaution. Here is an example email that went out to impacted customers:
Subject: Important update regarding your Ticketmaster account
Dear [customer name],
We are writing to inform you about an incident involving your Ticketmaster account information on our website. We recently discovered that some of your data may have been compromised as the result of a cybersecurity attack. We want to emphasize that not all Ticketmaster customers were affected, and no payment card details were accessed.
However, information including your name, address, email address, telephone number and Ticketmaster login details may have been compromised. As soon as we discovered the incident, we took action to block further unauthorized access and improve security on our systems.
Even though we have no evidence that your login details have been misused, we have reset your password as a precautionary measure. You should create a new password when you next log in to your Ticketmaster account.
We take privacy and security of customer data extremely seriously. We are working with leading cybersecurity experts to improve our systems and processes. If you have any other questions, please contact our customer service team at [customer service email/phone].
Thank you for your patience and understanding. We sincerely apologize for the inconvenience.
Sincerely,
The Ticketmaster Team
Ticketmaster also posted notices about the data breach on its website and social media channels to inform customers.
What steps did Ticketmaster take after the breach?
According to Ticketmaster, after discovering the breach they took the following steps:
- Disabled the Inbenta product across all Ticketmaster websites.
- Enhanced security measures including adding new firewalls and hardening their systems.
- Hired leading cybersecurity firms to conduct forensic investigations and security reviews.
- Contacted customers via email and phone to inform them and reset passwords.
- Offered free identity monitoring services to impacted customers.
- Replaced credit card security codes for some North American customers as a precaution.
Ticketmaster seems to have taken reasonable steps to strengthen security and protect customers in the aftermath of the breach. However, some security experts have criticized them for failing to detect the breach for several months when hackers first gained access.
Has Ticketmaster faced legal action related to the breach?
Yes, Ticketmaster has faced a number of lawsuits related to the 2018 data breach:
- In June 2018, a customer filed a $5 million class action lawsuit in California alleging Ticketmaster failed to adequately safeguard customer data.
- In July 2018, Ticketmaster was hit with another class action suit in Canada seeking $250 million in damages.
- In March 2022, Ticketmaster agreed to pay $10 million to settle a class action lawsuit related to the breach.
The settlement payments are still awaiting final approval but it demonstrates that Ticketmaster has faced substantial legal and financial consequences for the data breach.
Could a similar breach happen again?
Ticketmaster has said it is committed to improving its security practices and processes to better safeguard customer data in the future. However, cybersecurity experts say that data breaches are often inevitable as hacking techniques continue to evolve.
Key factors that could leave Ticketmaster vulnerable to future breaches include:
- Continued reliance on third-party suppliers – If vulnerabilities in third-party tools aren’t caught, hackers can exploit them to access Ticketmaster systems.
- Large customer database – With hundreds of millions of customer records, Ticketmaster will remain an attractive target for hackers.
- Sophisticated hacking methods – As hacking tools become more advanced, even robust security systems can sometimes be breached.
That said, the data suggests Ticketmaster has substantially upgraded its security protections since 2018. So while another major breach can’t be ruled out, Ticketmaster has hopefully made it much harder for hackers to penetrate its systems again.
Conclusion
In summary, here are the key facts surrounding the 2018 Ticketmaster data breach:
- Hackers exploited a vulnerability in third-party JavaScript on Ticketmaster websites to extract customer data.
- Less than 5% of Ticketmaster’s customers were impacted, but this could still be millions of accounts.
- Names, addresses, emails and other personal info was compromised.
- No credit card numbers were stolen, but some security codes were compromised.
- Ticketmaster emailed affected customers, reset passwords, and offered free identity monitoring.
- Multiple lawsuits have been filed against Ticketmaster resulting in a $10 million settlement.
- While Ticketmaster has improved security, experts say another major breach can’t be ruled out.
In the aftermath of a major data breach, all companies have to work diligently to earn back their customer’s trust by demonstrating they take privacy and security seriously. While Ticketmaster still faces many critics, the steps they have taken since 2018 suggest they are making a concerted effort to enhance protections and reduce the likelihood of history repeating itself.