Ticketmaster mailing system hacked

Ticketmaster's British customers receieved malicious emails after its direct email marketing system was hacked.

In an email to customers and in a message on its Facebook page, the TicketWeb division of the ticketing firm said recipients of its direct emails may have received up to four messages on Saturday 11 February.

One email, seen by SC Magazine, had the subject line "Action Required: Update Your PDF Application", with links to an apparent software update.

According to a blog at edeca.net, the domain listed in the email points to a Ticketmaster domain with the mail server confirming that the message came from 209.104.36.83, an IP address registered to ‘Ticketmaster Online – CitySearch, Inc'.

“The fake website is nothing special but does use Adobe's trademarked logos and styles heavily," the blog read.

"The disclaimer at the bottom probably won't get them out of this. The website only exists to point the user to an affiliate link for some PDF-related software, which has nothing to do with Adobe itself."

“Nothing conclusively shows that Ticketmaster have been hacked. It could be an affiliate of theirs, or a customer who has permission to send emails using the Ticketmaster service."

"What is clear is that it definitely came from Ticketmaster and uses their service. Four hours after this was first reported to Ticketmaster on Twitter, the link still works and some spammers somewhere are still collecting the click-through cash.”

TicketWeb said it took immediate action to close the vulnerability and assured recipients that no credit card information was at risk.

“We sincerely regret any inconvenience this has caused. We are continuing to investigate this unauthorised access and will send you a follow-up email when we have additional information,” it said.

This article originally appeared at scmagazineuk.com