Effective steps to enhance security after the Ticketmaster data breach.
A massive data breach affecting major corporations like Ticketmaster, Santander Bank, and LendingTree has impacted the personal information of hundreds of millions of consumers.
The hack occurred when cloud storage accounts used by more than 165 organizations were compromised using stolen login credentials. The threat was first discovered in April, with ongoing attacks continuing into the beginning of June. That’s when Live Nation finally announced that its Ticketmaster platform had been hacked, with 560 million customer records showing up on the dark web.
Those records include customer names, addresses, emails, credit card details, ticket order information, and more. Security researchers said the hackers in possession of the data were offering it for sale for $500,000 — and that Ticketmaster itself had expressed interest in buying back the information, perhaps to try and mitigate some of the reputational damage done by the news.
How did the data breach happen?
Details are still thin — and Snowflake, the cloud storage platform that was compromised in the attack, even rescinded a statement taking responsibility for it. For now, cybersecurity experts say that hackers appear to be leveraging stolen login credentials collected in past malware infections.
Hackers often try those password and username combinations repeatedly until they unlock access to information databases. Once inside a network, they can quickly download data and disrupt entire systems, upping the ante for affected platforms like Ticketmaster to do whatever it takes to restore normal operations.
What lessons can be learned from this hack?
Cybersecurity experts say that attacks like this are preventable — if consumers, businesses, and IT providers take the following steps to protect information and surround their systems with multiple layers of security. Here’s what CMIT Solutions suggests:
● Ticketmaster users should keep an eye on their accounts for any unauthorized activity. Since credit card numbers and bank account details were compromised in this latest cyberattack, there is a chance that hackers could try to use that information for illicit purchases and unauthorized transfers. If you notice anything amiss in your financial statements, contact your bank immediately.
● Strengthen passwords using long, memorable phrases that contain letters, numbers, and symbols. Every extra character you add to your password makes it exponentially more difficult for hackers to steal it. Combine unrelated words bookended by numerals or special characters — the goal is to make it easy for you to remember but difficult for others to guess. In addition, try not to reuse the same password on different accounts.
● Consider using a password manager. You’ve created a strong and unique password for every account — how do you possibly remember them all? App or web-based password managers help you securely store and generate multiple passwords, streamlining login procedures with a master password that encrypts all of your personal and business accounts.
● Turn on multi-factor authentication (MFA) immediately. A stolen password can be rendered useless by hackers — if you have MFA implemented on your account. MFA requires something you know (a password) along with something you have (a unique code, phone notification, or biometric verification) to log in. Cybersecurity experts speculate that the Ticketmaster hack occurred because of the lack of MFA protocols in place on cloud storage accounts.
● Beware of fake vendors. Cybercriminals will double down on news events like the Ticketmaster breach by sending out emails that pose as either the vendor or associated financial institutions. Watch out for phishing attempts that try to leverage concerns about the hack, invite you to join class-action lawsuits related to it, or serve as warnings about unauthorized banking transactions.
● Take your time to counteract phishing emails. Since phishing attacks often impersonate brands you know or use language that encourages urgent attention, it can be easy to overlook obvious markers like misspelled subject lines or fake domain names. Anytime you get an alert about a missed delivery, an account suspension, or a security notification, take a few extra minutes to review the sender’s name and address, the subject line, the body copy, and the call to action. Confirm that URL addresses and hyperlinks match, and flag anything that looks like junk or spam so your email account will improve its filtering capabilities in the future.
● Don’t store credit card details. E-commerce companies rely on our desire for convenience when they ask to store your credit card details. It’s certainly easier to not have to enter those long numbers more than once. However, as the Ticketmaster breach illustrates, there are negative consequences to such actions. Take the extra minute to manually enter credit card information and click “No” or “Never” when sites ask whether you want to save it.
● Consider identity theft monitoring. In the wake of big data breaches, the use of monitoring services skyrockets. Consider setting up credit report and identity theft alerts that can quickly spot unfamiliar activity or stop suspicious transactions. More advanced tools deployed by a trusted IT provider can even tell you if your information is being traded illegally online — and help you recover in the event that identity theft does occur.
With ransomware attacks on the rise and data breaches affecting companies of all sizes, it’s critical to focus on password protection and cybersecurity. With a reliable IT partner by your side, you can protect your business and secure your data in a way that blends in seamlessly with day-to-day operations.
That’s particularly important when it comes to login protocols and administrative access. Security enhancements should fit the workday rhythms of your employees, making the login process easier and more secure — not more cumbersome or frustrating.
If you’re worried about data breaches or were impacted by the Ticketmaster hack, CMIT Solutions is here to help. We know the ins and outs of MFA and can deploy multiple layers of protection to keep your business safe. We can help you create strong passwords, beef up IT defenses, and empower employees by boosting productivity and increasing efficiency.
Want to know more? Contact CMIT Solutions today.