See Tickets Hit by Magecart… Again?!

see tickets hit by Magecart
Share article
twitter linkedin medium facebook

They say that lightning never strikes twice in the same place, but it’s happened anyway. See Tickets has been hacked again in its second Magecart attack. See Tickets is owned by French media giant Vivendi, and it’s one of the biggest names in the event ticket sales industry. The company made news in 2022 after falling prey to a web skimming attack that harvested the credit card details of its online customers. The exact number is unknown, but more than 90,000 people were estimated to have been affected in Texas alone. This initial breach began in 2019 and went on for two and a half years before it was detected and finally shut down, so it’s very unfortunate for the company to once again be making news because of a second security lapse.

See Tickets Magecart #2: What we know this time

According to a report filed with Maine’s attorney general, See Tickets suffered the latest breach on February 28, 2023. The company noticed suspicious activities on certain of its websites in May, and forensic specialists established which customers may have been affected by July 21. The payment details and personal information of 559 of the state’s residents were affected (which is presumably the reason for the filing) and those of 323,498 people in total.

The filing describes the cause of the intrusion as “External system breach (hacking)” and said that names or other personal identifying information as well as card numbers and security codes had been compromised.

Although the data breach was discovered in July, See Tickets only wrote to inform those affected on September 5. We don’t know all the facts yet, so there may be a legitimate reason for this delay, but with the previous attack still fresh in everyone’s memory, customers might have expected a swifter response.

The consequences

Neither the attack nor the response can be good for See Tickets’ reputation. For an online retailer of its stature to allow hackers to make unauthorized purchases for 124 days using stolen customer credentials and then take weeks to alert those affected would not inspire confidence in any brand. For this to be the second time a breach has happened raises serious concerns.

So far, See Tickets doesn’t appear to have been fined for the previous breach, but that’s not to say that it couldn’t happen. UK-based company Ticketmaster succumbed to a web skimming attack in 2018 and was fined £1.25 million ($1.55 million). Will payment providers decide that a second offense merits penalties in this case? Time will tell.


Something that we can be sure of is that the person in charge of See Tickets’ PCI-DSS compliance strategy will have plenty to think about at the moment and that Reflectiz could be making things a whole lot easier for them. Our solution is designed to secure websites against next-generation client-side skimming attacks like Magecart, along with many other threats to companies’ digital ecosystems. It detects and alerts users to the kind of unauthorized changes that Magecart hackers may be thinking about even now as they plan their third breach. 

These kinds of client-side attacks now pose a huge security challenge to businesses and their customers. Malicious actors are becoming more sophisticated, using increasingly evasive tactics to hide their scripts from traditional security defenses. They’re using obfuscation techniques such as specially crafted images or malicious JavaScript code that mimics Google Analytics and Meta Pixel scripts to deliver and hide their malware payloads, which may be why lightning was able to strike twice in this case.

Reflectiz can help because it’s a remote solution with unrivaled oversight. It’s designed to detect code changes, arrange them by threat level, and alert you accordingly. It lets you know which scripts are accessing sensitive data and where they are trying to send it, alerts you to unauthorized activities such as keylogging, and presents all the information in an interface that maximizes effectiveness while minimizing alert fatigue.

Protect your business from becoming the next Magecart headline. Sign up for a personalized demo today.


Take control

Stay up to date with the latest news and updates

Your Website looks great!

But what’s happening behind the scenes?

Discover your website blind spots and vulnerabilities before it’s too late!

Try for free