The company announced this week that they had discovered that software on a customer service product given by an unknown third party was proven to be malicious. The software, used by Inbenta Technologies, was secretly collecting the personal information of Ticketmaster’s users. The information stolen includes names, mailing addresses, email addresses, phone numbers, billing information, and usernames/passwords.
Fortunately for most, at this time it appears that the hack only affected users living in the UK, which amounts to less than 5% of Ticketmaster’s global user base. Because passwords were among the information stolen, Ticketmaster has recommended that their customers change their passwords if they have been used across multiple sites. This hack is just the latest example of how dangerous it is to reuse passwords across multiple accounts.
Although the hack affected a small portion of Ticketmaster’s users, the company has been scrutinized for not taking previous action, even when suspicions of a hack had already been raised. Monzo, a UK-based bank, had alerted Ticketmaster of a possible breach back in April, when they noticed many of their clients reported fraud on the same day as using Ticketmaster. According to Monzo, their concerns were not taken seriously by the company. In response to this information and the recent breach, the Information Commissioner’s Office (ICO) said it was "making enquiries" into Ticketmaster, to see if the company violated any part of the 1998 or 2018 Data Protection Acts.