“It is a firm that has lots of legacy infrastructure. It’s what makes Ticketmaster doable. However that comes with lots of legacy threat,” she mentioned. “Previous software program and previous {hardware} and previous insurance policies and procedures, that every one introduces lots of extra threat.”
Britton White, who publicly says that he works in cyberthreat intelligence for an unidentified personal sector agency, posted on LinkedIn {that a} Ticketmaster software program accomplice, EPAM, had an worker account breached the place the attacker took over distant management of the sufferer’s system.
That assault technique, White mentioned in an interview, permits the attacker to keep away from multi-factor authentication defenses and bypass two-factor authentication, “stealing the session tokens and cookies. With that stage of entry, these organizations simply received’t know that they’ve been breached.”
Nevertheless, he mentioned that he couldn’t show that that was the technique of assault on this case.
Matt Harrigan, a VP at Leviathan Safety, mentioned that it was not clear whether or not the fee card knowledge supposedly stolen can be ample to permit for fraudulent transactions.
Applicable precautions
“You’ll be able to’t purchase a Ferrari with the final 4 digits of a fee card,” Harrigan mentioned, including that it appeared Ticketmaster had taken the suitable precautions to guard cardholder knowledge.