Get breaking news alerts and special reports. The news and stories that matter, delivered weekday mornings.
The data breach that Ticketmaster revealed in June is part of a larger credit card-skimming operation that has hit more than 800 e-commerce sites across the internet, according to cybersecurity firm RiskIQ.
Hackers were able to penetrate InBenta Technologies, a firm that works with Ticketmaster, according to RiskIQ. Ticketmaster itself wasn’t breached, according to the firm.
By going through InBenta, the hacking group known as Magecart was able to access payment information. Magecart used a similar strategy on many other websites, meaning it could have stolen the credit card information of thousands of people on various websites by targeting only a few companies, RiskIQ found.
The change indicates that “they seem to have gotten smarter,” RiskIQ wrote in its report. “Rather than go after websites, they’ve figured out that it’s easier to compromise third-party suppliers of scripts and add their skimmer. In some cases, compromising one of these suppliers gives them nearly 10,000 victims instantly.”
The cybersecurity firm said it had now “identified nearly 100 top-tier victims, mainly online shops of some of the largest brands in the world.”
Ticketmaster originally announced that the breach had affected only four of its websites from February to June 23, but the RiskIQ report listed as many as 17 different Ticketmaster websites over a greater period.
InBenta did not respond NBC News’ requests for comment. Ticketmaster did not immediately reposed to a request for comment.