Category: Data Breach

Ticketmaster Data Breach Failings

Ticketmaster is a well-known global ticket-selling business that suffered a data breach starting in February 2018 and continuing through to late June.

A piece of malware on a customer service system operated by a third party had been exporting customer data to a scammer, and Ticketmaster claim to have known nothing about this until June 23rd.

However, digital bank Monzo did spot in April that customers’ cards were being compromised and warned Ticketmaster but “couldn’t get any traction” out of the company.

Monzo contacted all of its customers who had ever dealt with Ticketmaster – about 5,000 – and replaced their cards.

It also told banks that are part of the UK Finance group in April that it was aware of what appeared to be a significant data breach at Ticketmaster.

Ticketmaster say they investigated at the time but found no problem. The fault was in third-party software, not Ticketmaster’s own software, but that doesn’t excuse their apparent lack of responsibility for their customers who were being compromised.

Ticketmaster eventually realised there was a serious problem and said customers who bought concert, theatre and sporting event tickets between February and 23 June 2018 may have been affected by the incident, which involved malicious software being used to steal people’s names, addresses, email addresses, phone numbers, payment details and Ticketmaster login details.

The breach also affects customers of two other UK websites owned by Ticketmaster: TicketWeb and the resale website Get Me In!

Ticketmaster claims that the data for less than 40,000 people was affected.

Ticketmaster could face questions over whether there was a delay in disclosing the breach after it emerged that some UK banks had known about the incident since early April.

Ticketmaster has subsequently warned customers: “We recommend that you monitor your account statements for evidence of fraud or identity theft.”

Ticketmaster said it was offering affected customers a free 12-month identity monitoring service. There is a dedicated website at security.ticketmaster.co.uk, and customers can also email fan.help@ticketmaster.co.uk for further information or to register their concern.

Companies need to protect their customers’ data, but how they deal with such problems when they occur can affect the outcome as much as the details of the actual problem. Ticketmaster have not come out of this very well.


MyFitnessPal Data Stolen

Sportswear brand Under Armour announced that its subsidiary MyFitnessPal suffered a significant data breach, compromising up to 150 million accounts.

The account information involved includes user names, email addresses and hashed passwords, but no financial information such as credit card numbers or identifiers such as social security numbers.

The breach has not exposed particularly sensitive user data, but it does affect a huge number of users and this has caused Under Armour’s stock to drop 4 percent. The breach occurred in February but was only identified in March. The company has been working to notify affected users and is expected to work with the police and data security firms to trace the source of the breach.

“Four days after learning of the issue, the company began notifying the MyFitnessPal community via email and through in-app messaging. The notice contains recommendations for MyFitnessPal users regarding account security steps they can take to help protect their information,” Under Armour said in a statement. “The company will be requiring MyFitnessPal users to change their passwords and is urging users to do so immediately.”

In this case, the data storage was robust and the hackers have 150 million email addresses to sell but there’s little else they can do with the data.

If you are a registered user of MyFitnessPal, change your password immediately. If any of your other accounts use the same login and password, change those as well, as hackers will try to find other accounts in your name.

Users of MyFitnessPal should be wary of emails in the coming weeks, as there are likely to be scam messages, in particular messages that appear to be from MyFitnessPal but are from scammers.


UBER Data Breach

UBER continues to be in the news for the wrong reasons: licensing issues, working conditions and pay for the drivers, and data security.

But, are UBER maintaining customer data and driver data securely?

UBER suffered a huge data breach in 2016. The records of 57 million customers and drivers were accessed by a hacker.

Uber only publicly disclosed the existence of the data breach in November 2017, close to a year after learning that hackers had infiltrated their systems.

The Uber Business

Between 2009 and 2016, UBER received around $11.5 billion in venture capital and private equity investment. It operates in 83 countries and 674 cities. UBER’s gross revenue in 2016 is reported to be about $20 billion.

UBER has 160,000 active drivers of which 14% are female. The drivers earn an average of $364 per month.

Uber’s Response

Uber said that of the 57 million people’s records accessed, about 2.7 million are British although it cannot be sure as it doesn’t always know the home country of its customers. Uber has about 5 million Britons on its systems.

For UK users, Uber stated that the affected data is names, mobile phone numbers and email addresses. The experts hired by Uber to investigate the data breach did not believe customers’ financial details were leaked.

However, use of the leaked data may make other scams, such as bogus emails or calls, appear more credible. People should continue to be vigilant and follow the advice from the National Cyber Security Centre (NCSC).

Uber says it is waiting for technical reports which should give full confirmation of the figures and the type of personal data that has been compromised.

Uber say: “We are continuing to work with the NCSC plus other relevant authorities in the UK and overseas to ensure the data protection interests of UK citizens are upheld.” The UK’s data protection commissioner expects Uber to alert affected users as it gets more information.
