“This is a company with a legacy infrastructure. That’s what makes Ticketmaster exist. But that comes with a lot of legacy risks,” he said. “Old software and old hardware and old policies and procedures, all of which present more risks.”
Britton White, who says he works in cyberthreat intelligence at an anonymous private firm, posted on LinkedIn that Ticketmaster’s software partner, EPAM, had an employee account breached where an attacker took remote control of the victim’s system.
That attack method, White said in an interview, allows an attacker to bypass multi-factor and two-factor authentication protections, “stealing session tokens and cookies. With that level of access, these organizations simply won’t know they’ve been breached.”
However, he said he could not prove that that was the method of attack in this case.
Matt Harrigan, VP at Leviathan Security, said it was unclear whether the payment card information allegedly stolen would be enough to allow fraud.
Appropriate safety precautions
“You can’t buy a Ferrari with the last four digits of a credit card,” Harrigan said, adding that Ticketmaster appears to have taken reasonable steps to protect cardholder data.