[ad_1]
The hacking of Ticketmaster was made possible because the ticketing website exploits the code of Inbenta, a software publisher specializing in customer support. This is not surprising in itself, since it often happens that retail sites use external service providers to provide, among other things, the payment module. However, Ticketmaster's misadventure reveals that these external providers may be a weakness.
RiskIQ, a security solutions company, has reported that ZDNet.com has discovered at least 800 commercial sites that have been subject to similar fraud. These sites used the provider codes that were themselves hacked, which resulted in the codes being changed. The actors behind piracy have been active since 2015 under the name of Magecart.
RiskIQ does not mention any name, other than SocialPlus, a social network management tool, whose code provided to customers would have been manipulated by pirates. "Each button or form has been designed to allow hackers to collect the name and values that the user fills in the different fields at the time of pressing the button or sending the form, in order to transmit these data to servers in the hands of Magecart, "said a member of the RiskIQ team on ZDNet.com.
If these claims are true, it means that websites that process credit card data or other sensitive data must be vigilant with regard to the external modules they deploy. To imagine that one of these external providers has itself been hacked, the risk exists to see the data of customers pbaded to fraudsters or other criminals.
[ad_2]
Source link
