Ticketmaster Blames Malware-Plagued Chatbot for Data Breach

Ticketmaster has disclosed that "less than 5 percent" of its global customer base was affected by a data breach discovered on June 23. The company said malicious software in the Inbenta chatbot, which it uses to handle customer service, was gathering information and sending it to a third party. Ticketmaster disabled Inbenta's software across its websites as soon as it discovered the breach.

The breach is believed only to have affected Ticketmaster UK customers, but the company said it will ask all Ticketmaster International users to reset their login information the next time they sign in because Inbenta's chatbot was used on the Ticketmaster International, Ticketmaster UK, TicketWeb and GETMEIN! websites. Ticketmaster's North American users are thought to be unaffected.

Ticketmaster said whoever compromised Inbenta's chatbot may have stolen the "name, address, email address, telephone number, payment details and Ticketmaster login details" of affected customers.

The company will offer free one-year identity monitoring services through "a leading provider" to defend against identity theft and fraud. It also said anyone who might be affected should monitor their financial statements. Ticketmaster further claims it contacted by email anyone it believes was affected by the breach. But UK customers who used these websites between February and June, as well as "international" customers who used the sites between September 2017 and June 23, should still keep an eye on their finances.

Inbenta hasn't taken blame for the incident lying down. The company's CEO, Jordi Torras, offered more information in a blog post:

"Upon further investigation by both parties, it has been confirmed that the source of the data breach was a single piece of JavaScript code, that was customized by Inbenta to meet Ticketmaster’s particular requirements. This code is not part of any of Inbenta’s products or present in any of our other implementations. ... Ticketmaster directly applied the script to its payments page, without notifying our team. Had we known that the customized script was being used this way, we would have advised against it, as it incurs greater risk for vulnerability. The attacker(s) located, modified and used this script to extract the payment information of Ticketmaster customers processed between February and June 2018."

Torras said Inbenta resolved the vulnerability by June 26 and "thoroughly checked all custom and general scripts and snippets" to make sure other issues couldn't endanger user data. Because the vulnerability was found in a custom script that was written for Ticketmaster and that Ticketmaster itself deployed on its websites, other Inbenta chatbot users shouldn't be affected, at least not by anyone using the same method leveraged in this incident.

Nathaniel Mott
Freelance News & Features Writer
