The data breach that Ticketmaster revealed in June is part of a larger credit card-skimming operation that has hit more than 800 e-commerce sites across the internet, according to cybersecurity firm RiskIQ.
Hackers were able to penetrate InBenta Technologies, a firm that works with Ticketmaster, according to RiskIQ. Ticketmaster itself wasn't breached, according to the firm.
By going through InBenta, the hacking group known as Magecart was able to access payment information. Magecart used a similar strategy on many other websites, meaning it could have stolen the credit card information of thousands of people on various websites by targeting only a few companies, RiskIQ found.
The change indicates that "they seem to have gotten smarter," RiskIQ wrote in its report. "Rather than go after websites, they’ve figured out that it’s easier to compromise third-party suppliers of scripts and add their skimmer. In some cases, compromising one of these suppliers gives them nearly 10,000 victims instantly."
The cybersecurity firm said it had now "identified nearly 100 top-tier victims, mainly online shops of some of the largest brands in the world."
Ticketmaster originally announced that the breach had affected only four of its websites from February to June 23, but the RiskIQ report listed as many as 17 different Ticketmaster websites over a greater period.
InBenta did not respond NBC News' requests for comment. Ticketmaster did not immediately reposed to a request for comment.
Chili's data breach may have exposed credit and debit card infoMay 14, 201800:25
Other third-party companies targeted by Magecart include SocialPlus — also used by Ticketmaster — PushAssist, Clarity Connect and Annex Cloud, according to the report.
Magecart is a threat on the same or greater scale as the recent data breach of Target where “point-of-sale systems” were compromised, according to RiskIQ.
The cybersecurity company also found that the hackers had such extensive access to third-party companies' systems that they could leave messages or threats for administrators that tried to remove the code that allowed them to take credit card information.
Risk IQ published a screengrab of a threat that Magecart left in a Clarity Connect system: "If you will delete my code one more time I will encrypt all of your sites! You very bad admins."