UK researcher says one line of code caused Ticketmaster breach
Third party code, people… third party code.
He pointed out that while Inbenta had provided Ticketmaster a customised JavaScript one-liner, the ticketing company had placed this chatbot code on its payment processing website without informing Inbenta it had done so. “This means that Inbenta’s webserver was placed in the middle of all Ticketmaster credit card transactions, with the ability to execute JavaScript code in customer browsers,” Beaumont said.
Sigh.