Ticketmaster has admitted that its direct email marketing system was hacked and malicious emails were sent out "from an unauthorised party".
In an email to customers and in a message on its Facebook page, the TicketWeb division of the ticketing firm said recipients of its direct emails may have received up to four messages on Saturday 11 February. One such email, seen by SC Magazine, has the subject line "Action Required: Update Your PDF Application", with links to an apparent update for Adobe Acrobat via a PDF application.
According to a blog at edeca.net, the domain in the email at 2012-acrobat-adobe-download.com points to a Ticketmaster domain, with the mail server confirming that the message came from 22.214.171.124, an IP address registered to ‘Ticketmaster Online – CitySearch, Inc'.
The blog said: “The fake website is nothing special but does use Adobe's trademarked logos and styles heavily. The disclaimer at the bottom probably won't get them out of this. The website only exists to point the user to an affiliate link for some PDF-related software, which has nothing to do with Adobe itself.
“Nothing conclusively shows that Ticketmaster have been hacked. It could be an affiliate of theirs, or a customer who has permission to send emails using the Ticketmaster service. What is clear is that it definitely came from Ticketmaster and uses their service. Four hours after this was first reported to Ticketmaster on Twitter, the link still works and some spammers somewhere are still collecting the click-through cash.”
TicketWeb said it took immediate action to close the vulnerability and assured recipients that no credit card information was at risk.
“We sincerely regret any inconvenience this has caused. We are continuing to investigate this unauthorised access and will send you a follow-up email when we have additional information,” it said.
In a second email, TicketWeb instructed recipients of its emails not to follow links within emails and to delete the email(s).
It said: “However, if you have already followed the link you may have been asked to enter your personal information and payment card information in to third party websites.
“If you entered your card details upon following the link, you should contact your card issuer immediately. Your card issuer will advise you of the best action to take in your particular circumstances which may include the cancellation and replacement of your card.
“If you are issued with a replacement card, fraudsters will not be able to undertake fraudulent 'card-not-present' (internet shopping, telephone or mail order) activity on your account.”
It also reassured that no sensitive personal information or credit card information were vulnerable directly from the TicketWeb UK direct email marketing system.
“We sincerely regret any concern that may have been caused by this incident and we can assure you we took immediate action to close the unauthorised access as soon as it was identified,” it said.
“TicketWeb UK takes the security of your data in our systems very seriously and will be liaising with the Information Commissioner's Office in relation to this unauthorised system access.”