From the maybe-if-we-just-say-it’s-not-our-fault? dept, Gareth Corfield reports:
Ticketmaster is telling its customers that it wasn’t to blame for the infection of its site by a strain of the Magecart cred-stealing malware – despite embedding third-party Javascript into its payments page.
In a letter to Reg reader Mark, lawyers for the controversy-struck event ticket sales website said that Ticketmaster “is of the belief that it is not responsible for the Potential Security Incident”.
They were referring to the June 2018 infection of its UK website with the Magecart payment credential-stealing malware. At the time, Ticketmaster publicly blamed “a customer support product hosted by Inbenta Technologies” for the infection. Inbenta chief exec Jordi Torras immediately hit back, telling us in June: “Had we known that script would have been used in that way, we would have advised against it, as it poses a security threat.”
Read more on The Register.