Incident Report Guessing: Chatbots, the BA Hack and Ticketmaster

One of the major problems with current incident response reporting is that it lacks a great deal of detail, and basically just gets a message out that there has been a hack. This leaves industry experts crawling over bits and pieces of information, in order to make sense of the attack. There are some hints that it could have been caused by 3rd party JavaScript integration (which changed on the first day of the data breach), but this has not been confirmed yet:

There is also speculation that the BA hack related to a similar mechanism to the Ticketmaster hack. I must say there is no current evidence of this, but here’s an outline of the Ticketmaster hack, and how it was detected by an external organisation (Monzo).

Introduction

The reporting of the breach happened on Wednesday 27 June 2018 and outlined that around 40,000 users had been affected, and included included credit card payment data, addresses, name and phone numbers.

The detection of the breach was on 23 June 2018, and within dates of the announcement, there were already reports of users being scammed. Every user on the site…