If you’ve bought entertainment tickets from Ticketek in Australia, there’s a good chance some of your data is now possibly floating around on the dark web. What can you expect?
What a week it has been for security in the entertainment industry. Ticketmaster saw a breach that it has yet to confirm, and apparently it may not be the only ticketing services provider affected locally.
To finish the week, rival Ticketek sent out this seemingly unrelated but entirely coincidental email to customers:
We are writing to let you know that Ticketek has become aware of a cyber incident impacting Ticketek Australia account holder information, which is stored in a cloud-based platform, hosted by a reputable, global third party supplier.
Officially, it’s a cyber incident, but it may as well be a breach. Data has been leaked, and that is the very definition.
The good news is that Ticketek has confirmed credit card details don’t appear to be a part of the cyber incident, with Ticketek noting that “credit card information and transactions are processed via a separate payment system which has not been impacted”.
The bad news is that some details for Ticketek account holders were a part, including your name, email address, and date of birth.
That’s a limited amount of information, for sure, but there’s still a risk of repercussions, so what can happen, and what should you do?
Check your passwords
First up, it’s time to check those passwords, particularly if you use one based on your date of birth.
Using a birthdate isn’t a fantastic password practice, but it’s one many people do, and with a date of birth out there in the world, it’s entirely possible for scammers to join the dots and find ways to use this data against you.
Check your passwords and change what you need, using approaches designed to make your passwords more unique and harder to break.
Active multi-factor authentication
This one will keep on popping up as a recommendation because it’s just that useful: switch on a form of multi-factor authentication to need at least two ways to log in to services.
Also known as 2FA or 3FA, multi-factor is that system you’ve seen where once you enter a password, you’re asked to check your phone or email address for another code.
It’s a secondary or tertiary factor to help secure who you are for the service you’re logging into, and a helpful way of improving login security overall.
Watch your emails for increased phishing attacks
With no phone numbers released in this breach, you may not get as many SMS smishing attempts (phishing over SMS) with fake Ticketek websites from scammers. But you may find some coming through over email soon, as scammers look to capitalise on affected individuals.
Like all phishing emails, working out what is legit is often about looking at the finer details, and not clicking on any links.
Phishing emails can’t fake an email from a real domain, which in Ticketek Australia’s case appears to be info.ticketek.com.au. If an email purporting to be from Ticketek arrives without that in the actual email field, it is very likely to be a scam.
It’s a similar situation if you hover over the links. Much like how scammers can’t fake an email address of the real company, they also can’t fake where their phishing websites are located. A scammer cannot host their website on the company they’re claiming to be, so hovering over a link can help you work out whether an email is legit. Don’t click, just hover.
Stay vigilant
Finally, one of the best things you can always do is to stay vigilant looking when dealing with potential security risks, and take emails and SMS with a grain of salt if you don’t recognise the sender.
Australians lose a staggering amount to scams each year, and staying aware of what is going on while being vigilant with your own devices and data is one of the better ways to ensure you don’t become one of those numbers.
