Thursday, 16 February 2012

Ticketmaster admits direct mailing system was hacked

Ticketmaster has admitted that its direct email marketing system was hacked and malicious emails were sent out "from an unauthorised party".

In an email to customers and in a message on its Facebook page, the TicketWeb division of the ticketing firm said recipients of its direct emails will have received as many as four messages on Saturday 11 February. One such email, seen by SC Magazine, has the subject line "Action Required: Update Your PDF Application", with links to an apparent update for Adobe Acrobat via a PDF application.

According to a blog at edeca.net, the domain inside the email at 2012-acrobat-adobe-download.com points to a Ticketmaster domain, with the mail server confirming that the message came from 209.104.36.83, an IP address registered to 'Ticketmaster Online – CitySearch, Inc'.

The blog said: “The fake website is nothing special but does use Adobe's trademarked logos and styles heavily. The disclaimer at the bottom probably won't get them out of this. The web site only exists to direct the user to an affiliate link for some PDF-related software, which has nothing to do with Adobe itself.

“Nothing conclusively shows that Ticketmaster had been hacked. It can be an affiliate of theirs, or a customer who has permission to send emails using the Ticketmaster service. What's clear is that it definitely came from Ticketmaster and uses their service. Four hours after this was first reported to Ticketmaster on Twitter, the link still works and a few spammers somewhere are still collecting the clicking-through cash.”

TicketWeb said it took immediate action to close the vulnerability and assured recipients that no payment card information was at risk.

“We sincerely regret any inconvenience this has caused. We're continuing to enquire into this unauthorised access and should send you a follow-up email once we have more information,” it said.

Update

In a second email, TicketWeb instructed recipients of its emails to not follow links within emails and to delete the e-mail(s).

It said: “However, you probably have already followed the link; you might have been asked to enter your own information and payment card information into 3rd party websites.

“If you entered your card details upon following the link, you must contact your card issuer immediately. Your card issuer will advise you of the precise action to take in your particular circumstances, which might include the cancellation and replacement of your card.

“If you're issued with a replacement card, fraudsters will be unable to undertake fraudulent 'card-not-present' (internet shopping, telephone or mail order) activity to your account.”

It also reassured recipients that no sensitive personal information or payment card information was vulnerable directly from the TicketWeb UK direct email marketing system.

“We sincerely regret any concern that could have been brought on by this incident, and we are able to assure you we took immediate action to shut the unauthorised access once it was identified,” it said.

“TicketWeb UK takes the safety of your data in our systems very seriously and could be liaising with the Information Commissioner's Office in the case of this unauthorised system access.”


