Ticketmaster has disclosed that "less than 5 percent" of its global customer base was affected by a data breach discovered on June 23. The company said malicious software in the Inbenta chatbot, which it uses to handle customer service, was gathering information and sending it to a third party. Ticketmaster disabled Inbenta's software across its websites as soon as it discovered the breach.
The breach is believed only to have affected Ticketmaster UK customers, but the company said it will ask all Ticketmaster International users to reset their login information the next time they sign in because Inbenta's chatbot was used on the Ticketmaster International, Ticketmaster UK, TicketWeb and GETMEIN! websites. Ticketmaster's North American users are thought to be unaffected.
Ticketmaster said whoever compromised Inbenta's chatbot may have stolen the "name, address, email address, telephone number, payment details and Ticketmaster login details" of affected customers.
The company will offer free one-year identity monitoring services through "a leading provider" to defend against identity theft and fraud. It also said anyone who might be affected should monitor their financial statements. Further, Ticketmaster claims it contacted anyone it believes was affected by the breach via email. But UK customers who used these websites between February and June, as well as "international" customers who used the sites between September 2017 and June 23, should still keep an eye on their finances.
Inbenta hasn't taken blame for the incident lying down. The company's CEO, Jordi Torras, offered more information in a blog post:
Torras said Inbenta resolved the vulnerability by June 26 and "thoroughly checked all custom and general scripts and snippets" to make sure other issues couldn't endanger user data. Because the vulnerability was found in a custom script written for and implemented by Ticketmaster into its websites, other Inbenta chatbot users shouldn't be affected, at least not by anyone using the same method leveraged in this incident.