26 June 2018
Dear Valued Customers & Users,
By now, you may be aware of the security breach related to Inbenta technology that may have impacted some Ticketmaster customers.
As the CEO of Inbenta, I’m writing you to convey (1) the full scope of the breach, and (2) how we have worked to ensure the issue is resolved:
1) On the evening of Saturday, June 23rd, we received notice from our customer Ticketmaster that the personal data of its users may have been compromised.
Upon further investigation by both parties, it has been confirmed that the source of the data breach was a single piece of JavaScript code, that was customized by Inbenta to meet Ticketmaster’s particular requirements. This code is not part of any of Inbenta’s products or present in any of our other implementations.
Ticketmaster directly applied the script to its payments page, without notifying our team. Had we known that the customized script was being used this way, we would have advised against it, as it incurs greater risk for vulnerability. The attacker(s) located, modified, and used this script to extract the payment information of Ticketmaster customers processed between February and June 2018.
2) We have resolved the vulnerability as of June 26th. We have also thoroughly checked all custom and general scripts and snippets, and we are completely confident that no other customer of Inbenta has been compromised in any way. We can fully assure our customers and end-users that no other implementation of Inbenta across any of our products or customer deployments has been affected. If you’d like more information about the breach, we have posted Security FAQ’s regarding this incident to our website.
We’re truly sorry that the use of our technology resulted in a violation of Ticketmaster users’ privacy. The privacy of our users is one of our core values, and we will continue to take every measure in our own power to safeguard the personal information of all users who interact with our products.
Sincerely,
Jordi Torras
CEO of Inbenta