through source protection
Despite its name, leading ticket service provider C Ticket was blind to a card skimming attack that stole financial and personal information from its online customers for 2 1/2 years.
While the number of people affected by the breach is unknown, 92,074 victims were reported in Texas alone and an unknown number in Vermont. Looking at this information, the number of affected parties is likely to be in lakhs. The stolen data included payment card data (card numbers, expiry dates and CVV numbers) along with personally identifiable information such as names, addresses and pin codes.
The attack is similar to a 2018 attack against C Ticket’s main rival Ticketmaster UK, which was attributed to the Majekart group. Over 40,000 customer data was stolen in the attack on Ticketmaster.
The notorious Magecart hacker group has been responsible for some of the most sophisticated e-commerce attacks since 2015, exploiting vulnerabilities in one of the fastest-growing, lowest-margin channels in online retail: client-side digital supply chains, a key issue. Vulnerabilities – These need to be addressed and can be addressed easily and without adding a security burden.
Digital and security wake-up call
You can’t have a great web experience without these partners – but you can’t leave this code vulnerable. Source Conservation Research shows that Websites that process payment card data contain 16 third party software integrations, And that partner can bring up to 6 additional parties. With 3rd party scripts averaging in the double-digits and half of those partners adding 4th party scripts to the page, retailers need to pay more attention to strengthening client-side security.
The industry is woefully unprepared for these attacks, and action must be taken now to prevent more breaches this year. That’s why PCI recently included client-side security as a key focus in 4.0 – and why Source Defense is offering a risk-free solution for retailers that can be turned on even during seasonal website code freeze periods.
A simple, effective approach
The best approach to defeating client-side attacks and eliminating client-side risk is to take a proactive approach and deploy technologies that can stop attacks before they harm your business or your visitors. By managing the code that runs on your web pages and in your visitors’ web browsers, a client-side security platform enables real-time control over what client-side code can and cannot do, stopping even novel and inventive attacks before they exfiltrate data. .
The Source Defense client-side security platform was designed from the ground up to not only provide ironclad security, but also for burden-free deployment and continuous use. Source Protection can either scan and alert externally or protect automatically by deploying just two lines of code. Maintenance and upkeep takes only a few hours per month, ensuring that solving a new problem doesn’t strain already overtaxed security teams. Request a demo to learn more about how source protection can help you reduce physical risk to your organization, keep your partners protected from overreach and your enterprise from client-side attacks.
See the post Breach tickets highlight the dark side of web security.
*** This blog is a Security Bloggers Network syndicated blog – Source Security Writers [email protected]. Read the original post here: https://sourcedefense.com/resources/blog/see-tickets-breach-sheds-light-on-the-blind-side-of-web-security/