The company has blamed a third-party support customer service chat application for the data breach that believed to affect tens of thousands of its customers.
The customer support chat application, made by Inbenta Technologies—a third-party artificial intelligence tech supplier—used to help major websites interact with their customers.
In its statement, Ticketmaster said it discovered malicious software on the customer support application hosted on its UK website that allowed attackers to extract the personal and payment information from its customers buying tickets.
Ticketmaster disabled the Inbenta product across all of its websites as soon as it recognized the malicious code.
However, Inbenta Technologies turned away blame back to Ticketmaster, saying that the ticketing service deployed the chat application improperly on its website.
Compromised information includes name, address, email address, telephone number, payment details and Ticketmaster login details of its customers.
"Forensic teams and security experts are working around the clock to understand how the data was compromised," Ticketmaster said. "We are working with relevant authorities, as well as credit card companies and banks."Neither Ticketmaster nor Inbenta did say the number of customers affected by the incident, but the ticketing service did confirm that less than 5% of its global customer base has been affected.
🔐 Mastering API Security: Understanding Your True Attack Surface
Discover the untapped vulnerabilities in your API ecosystem and take proactive steps towards ironclad security. Join our insightful webinar!Join the Session
Inbenta is entirely confident that no other customer of Inbenta has been compromised in any way, and that the incident has "nothing to do with any of its industry-leading AI and machine learning products," which serve hundreds of customers on six continents.
"We can fully assure our customers and end-users that no other implementation of Inbenta across any of our products or customer deployments has been affected," Inbenta said.Ticketmaster said that it has emailed all affected customers, and is offering 12 months of free identity monitoring service for those who have been impacted.
Affected customers are also advised to keep a close eye on their bank account transactions for signs of any suspicious activity, and immediately notify their banks if found any.
Users are also advised to be cautious if they receive any suspicious or unrecognized phone call, text message, or email from anyone saying you must pay taxes or a debt immediately—even if they provide your personal information.