Vivendi Ticketing, doing business as ‘See Tickets,’ has informed 323,000 customers that their payment card details were stolen by hackers who managed to plant skimmers on its websites.
See Tickets is an international ticketing services firm that sells tickets to prominent entertainment shows, live events, festivals, etc. Their clientele includes high-profile entities like the Universal Music Group, Tomorrowland, Glastonbury Festival, the Houses of Parliament, and Louis Vuitton.
In a notice sent to impacted individuals, Vivendi says that some of its e-commerce sites were infected by skimmers between February 28, 2023 and July 2, 2023. This means that any transactions made on these sites during that time period might have exposed customer details to the hackers.
“In May and June of 2023, See Tickets’ third-party cyber forensic specialists determined that an unauthorized party inserted multiple instances of malicious code into a number of its e-commerce checkout pages resulting in unauthorized access to, and acquisition of, certain customer payment card information used to make purchases on the websites between February 28, 2023 and July 2, 2023.” - See Tickets
Payment card skimmers are small snippets of JavaScript code injected onto the checkout pages of e-commerce sites with the goal of stealing information the clients enter on the ordering form. This information typically includes:
- full names
- email addresses
- shipping addresses
- payment card number
- holder name
- expiration date
- CVV code
Many times, the malicious code snippet is loaded from an external source on the fly to evade detection, triggered by a stealthy image file or another invisible element injected on the checkout page. Other times, the skimmers create and overlay a bogus ordering form for visitors of the payment page, who enter their details thinking they are checking out on the real website.
There are notorious hacking collectives specializing in this process, like Magecart, who exploit flaws in e-commerce platforms, primarily Magento, to inject info-stealing malicious scripts. The only way for website owners to protect against this threat is to perform regular audits and use strict content security and third-party script execution policies in combination with web application firewalls.
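As an added illustration (not code from See Tickets or from the breach notice), the audit and content security policy described above can be sketched as a script that checks a checkout page's `<script>` tags against an allowlist and derives a matching policy. The hostnames, the allowlist and the sample page are constructed placeholders, and `auditScripts` and `buildCsp` are hypothetical helper names.

```javascript
// Constructed sample page; all hostnames are placeholders, not real indicators.
const PAGE_URL = "https://shop.example.test/checkout";
const ALLOWED_ORIGINS = [                      // assumed script allowlist
  "https://shop.example.test",
  "https://pay.example-psp.test",
  "https://cdn.example-analytics.test",
];
const SAMPLE_HTML = `
<script src="/static/checkout.js"></script>
<script src="https://pay.example-psp.test/sdk.js" integrity="sha384-PLACEHOLDER"></script>
<script src="https://cdn.example-analytics.test/tag.js"></script>
<script src="https://img-cache.example-unknown.test/px.js"></script>
<script>window.cfg = {};</script>`;

// Regex tag matching is enough for an audit pass over server-rendered HTML;
// it does not see scripts that other scripts add at runtime.
function auditScripts(html, pageUrl, allowedOrigins) {
  const findings = [];
  const pageOrigin = new URL(pageUrl).origin;
  const tagRe = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  for (const [, attrs, body] of html.matchAll(tagRe)) {
    const src = /\bsrc\s*=\s*["']([^"']+)["']/i.exec(attrs);
    if (!src) {                                // inline code: CSP cannot allow it by origin
      if (body.trim()) findings.push({ type: "inline-script", detail: body.trim().slice(0, 40) });
      continue;
    }
    const url = new URL(src[1], pageUrl);      // resolves relative paths
    if (!allowedOrigins.includes(url.origin)) {
      findings.push({ type: "unlisted-origin", detail: url.href });
    } else if (url.origin !== pageOrigin && !/\bintegrity\s*=/i.test(attrs)) {
      findings.push({ type: "missing-sri", detail: url.href });
    }
  }
  return findings;
}

// Policy limiting scripts to the allowlist and form posts / fetch traffic to the site itself.
function buildCsp(pageUrl, allowedOrigins) {
  const self = new URL(pageUrl).origin;
  const thirdParty = allowedOrigins.filter((o) => o !== self).join(" ");
  return [
    "default-src 'self'",
    `script-src 'self' ${thirdParty}`.trim(),
    "connect-src 'self'",
    "form-action 'self'",
  ].join("; ");
}

console.log(auditScripts(SAMPLE_HTML, PAGE_URL, ALLOWED_ORIGINS), buildCsp(PAGE_URL, ALLOWED_ORIGINS));
```

A real checkout page usually needs further origins in `connect-src` for its payment provider, so the generated policy is a starting point to tighten in report-only mode before enforcing it.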
Unfortunately for See Tickets and 323,498 of its customers who purchased tickets between February and July 2023, the platform’s safeguards were not effective enough to defend against this otherwise prevalent threat.
The breach notice includes instructions for enrolling in a free, 1-year identity monitoring service through Kroll. However, users should also consider reporting the compromise to their card issuer, placing a credit freeze, and closely monitoring their accounts. The direct threat for affected individuals is that the hackers will make online purchases and pass the goods through “money mule” networks worldwide, so that the trace is lost.
Whenever possible, it is a good practice to purchase goods and services using digital payment methods instead of credit or debit cards. Another option would be to use one-time, private cards that have a specified charging limit. We discuss these options and more in our private payments guide.