Ticketweb Users Hit With Spam After Data Breach
Written by Sue Walsh on February 23, 2012
Customers of a Ticketmaster subsidiary called TicketWeb were hit with a wave of spam
after the company’s servers were hacked into earlier this month. The company caught the attack and informed customers the next day, but the damage had already been done. The email addresses that were stolen were spammed with emails that looked like they were from Ticketweb but that pushed a fake Adobe Reader update. TicketWeb sent out an email to its customers saying:
“Please do not click this link, but delete the email.
We have taken immediate action to close the vulnerability. You can rest assured that none of your credit card information was vulnerable during this attack.
We sincerely regret any inconvenience this has caused. We are continuing to investigate this unauthorised access, and will send you a follow-up email when we have additional information.”
The company refused to say how many email addresses were stolen but insisted no credit numbers or other sensitive financial info was stolen. While it was not near as serious as last year’s Epsilon breach, it still raises concerns about just how safe customer info is online. At least Ticketweb was able to detect it – when Travelodge was hacked last year they had absolutely no clue until their customers started complaining.
These types of breaches are increasing and much of the time, lead to spam or phishing attacks. Scammers may think harvesting email addresses this way gives them the ability to launch a more targeted attack which could lead to increased returns.
Loading ...
TicketWeb should add this as one of their “Upcoming Events” – fix online system framework. With the likes of Sony, Epsilon, Nintendo, BP, Shell Automatic Data Processing Inc, and even the International Monetary Fund (IMF), TicketWeb should have learned from these companies past mistakes. It is becoming too often that most of these organizations’ online system becomes a target of attack. I think every week you’ll always hear news of breaches and hacks, which makes me wonder why again?
And what makes me sick to the stomach is that these enterprises don’t divulge the full details of the attack. They can’t even tell how many accounts were affected.
These attacks are going to keep coming and get more and more ambitious, but eventually they’re going to wind up with all the email addresses they can get, and then we’re back to square one. It’s the credit card info I’m worried about having taken, which already happened once to me. They want my email address, fine, I can update my spam filters and be on my guard and it doesn’t make a huge dent in my life. Once the numbers start moving in my bank account, then I start sweating.
Adobe Reader update is one of the most exploited download phishing attacks on the web mainly because it’s also one of the most less secured software. When you received an email telling you to click a button for your Adobe Reader download to begin or if your operating system pops up a download window, confirm it first by going to http://get.adobe.com/reader. You can download the updated version or the software itself from there.
It’s also a good practice if you turn off automatic downloading of updates. This way, you have a complete control of all your programs and apps. It can also save you precious storage space.