Tuesday, February 14, 2012

Hackers compromise TicketWeb email system

TicketWeb, the online booking subsidiary of Ticketmaster, has warned about spam email sent out to UK customers from its systems.
TickeWeb spam email warning
TicketWeb warned customers on Sunday to ignore phishing emails sent on Saturday that attempted to lure people into clicking on a link to update Adobe Acrobat.
Spam runs containing links purporting to be Adobe Acrobat Reader updates were sent out up to four times on Saturday using TicketWeb systems. The company issued an email on Sunday (above) asking customers not to click on links in the emails.
"We have discovered that our TicketWeb UK direct email marketing system was exposed to unauthorised access. As a result, you may have received up to four emails on Saturday, February the 11th, from an unauthorised party with the subject as 'Action Required: Update Your PDF Application' and containing a link to update an Adobe Acrobat PDF application. Please do not click this link, but delete the email."
TicketWeb said that customer credit card details had not been compromised, and that the company had taken "immediate action to close the vulnerability".
"We sincerely regret any inconvenience this has caused," said the email. "We are continuing to investigate this unauthorised access."

Purported Acrobat upgrade

The spam emails contained a link to a purported Acrobat Reader 2012 upgrade. "Since the Holidays are in full swing and the New Year is approaching, we've decided to unveil our latest Adobe PDF Reader/Writer 2012 Version," the spam email read.
Analysis of the spam email by CBS Interactive technology experts found the link took people to a Ticketmaster tracking URL, and then to a domain that was deleted at the time of writing. The domain's IP address,, was registered on WHOIS to an address in Shantou, China.
ZDNet UK contacted Ticketmaster UK customer services, and was told that the link took people through to a phishing page that asked for personal information.
Ticketmaster warned customers who entered credit card details on the site to contact their credit card issuers and potentially cancel their cards in a statement on Monday.
"Customers who may have entered card details upon following the link have been advised to contact their card issuer immediately for advice in respect of the best course of action to take in their particular circumstances," the company said in a statement. "TicketWeb UK take the security of customer data very seriously and will be liaising with the Information Commissioner's Office in relation to this unauthorised system access."
Ticketmaster, one of the largest ticketing companies in the world, declined to say how many UK customers had been affected by the hack.
Ticketmaster is part of US company Live Nation Entertainment.

No comments:

Post a Comment