Ticketmaster warns of hacked mailing list, Adobe Reader spams sent out

Graham Cluley
Graham Cluley
@
@[email protected]
@gcluley

The UK branch of the ticketing firm Ticketmaster has warned its online customers that they might have received a series of unauthorised emails after its TicketWeb subsidiary’s mailing list system was compromised.

TicketWeb email warning

It appears that the first Ticketmaster knew of the security breach was when a customer informed them via Twitter on Saturday.

[tweet https://twitter.com/Ticketmaster/status/168405976280596480]

Blogger David Cannings, shared more information about the unauthorised TicketWeb emails, which he discovered pointed to a bogus Adobe Reader download page.

Sign up to our free newsletter.
Security news, advice, and tips.

Bogus Adobe download website

The emails reportedly claimed that the recipient’s version of Adobe Reader was out of date and offered a link where a new version could be downloaded. Hardly the kind of email you would normally expect from Ticketmaster..

Bogus Adobe email

As regular readers of Naked Security should know well by now, the only place you should ever download an update to Adobe Reader (or indeed Adobe Flash) from is Adobe’s own website.

TicketWebA spokesperson for the ticketing firm was keen to reassure customers that “no sensitive personal information or credit card information was vulnerable directly from the TicketWeb UK direct email marketing system during this incident.”

Of course, there are two problems here. As well as customers needing to be warned about the unauthorised emails sent via TicketWeb’s mailing list, Ticketmaster also needs to ensure that its various mailing lists can not be hacked again.

After all, customers will unsubscribe pretty quickly and take their business elsewhere if they find the email address that they have given Ticketweb, or or its parent firm Ticketmaster, is being used by spammers.

If a mailing list is compromised it can be a very effective way for fraudsters and cybercriminals to communicate maliciously with a firm’s customers, with the advantage of bearing all the hallmarks and headers of a legitimate email from a company they trust.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.