Monday 10th December 2018

Inbenta Technologies blames Ticketmaster for data breach

Inbenta's CEO claims the source of the problem was a single piece of JavaScript code that was modified by attackers. He also claims Ticketmaster placed the code on its payment pages without consulting Inbenta.
Jason Smith
by on 28th June 2018

In an announcement posted on its website, Inbenta Technologies has rejected Ticketmaster’s claim that its customer support product was at fault for a data breach that compromised the payment details of Ticketmaster’s customers.

In the announcement, Inbenta Technologies’ CEO Jordi Torras states the source of the problem is a single piece of JavaScript code that was provided to Ticketmaster by Inbenta. The script is a custom modification that wasn’t provided to any of its other clients.

Torras claims Inbenta was unaware Ticketmaster had implemented the JavaScript on its payment pages. He also states that had his team been aware of how the script was being utilized they “would have advised against it.”

According to Torras, the “attacker(s) located, modified, and used this script to extract the payment information of Ticketmaster customers processed between February and June 2018.”

Its FAQ pages provide more detail and states, “[the script] presents a point of vulnerability that affects the capacity for web forms to upload files. It appears that the attacker used this vulnerability.”

The customizations were confined to 3 separate files from its customer support product.

Torras also states Inbenta has conducted a thorough review and discovered no other clients have been affected by the incident.